Security News

CVE-2017-11650

National Vulnerability Database - Tue, 03/06/2018 - 21:29
Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp.
Categories: Security News

CVE-2018-5461

National Vulnerability Database - Tue, 03/06/2018 - 16:29
An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
Categories: Security News

CVE-2018-5465

National Vulnerability Database - Tue, 03/06/2018 - 16:29
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.
Categories: Security News

CVE-2018-5467

National Vulnerability Database - Tue, 03/06/2018 - 16:29
An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.
Categories: Security News

CVE-2018-5469

National Vulnerability Database - Tue, 03/06/2018 - 16:29
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.
Categories: Security News

CVE-2018-5471

National Vulnerability Database - Tue, 03/06/2018 - 16:29
A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
Categories: Security News

CVE-2018-7736

National Vulnerability Database - Tue, 03/06/2018 - 16:29
In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter.
Categories: Security News

CVE-2018-7737

National Vulnerability Database - Tue, 03/06/2018 - 16:29
In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php.
Categories: Security News

CVE-2018-6808

National Vulnerability Database - Tue, 03/06/2018 - 15:29
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
Categories: Security News

CVE-2018-6809

National Vulnerability Database - Tue, 03/06/2018 - 15:29
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
Categories: Security News

CVE-2018-6810

National Vulnerability Database - Tue, 03/06/2018 - 15:29
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.
Categories: Security News

CVE-2018-6811

National Vulnerability Database - Tue, 03/06/2018 - 15:29
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
Categories: Security News

CVE-2018-7170

National Vulnerability Database - Tue, 03/06/2018 - 15:29
nptd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
Categories: Security News

CVE-2018-7182

National Vulnerability Database - Tue, 03/06/2018 - 15:29
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
Categories: Security News

CVE-2018-7184

National Vulnerability Database - Tue, 03/06/2018 - 15:29
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
Categories: Security News

CVE-2018-7185

National Vulnerability Database - Tue, 03/06/2018 - 15:29
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
Categories: Security News

CVE-2015-5377

National Vulnerability Database - Tue, 03/06/2018 - 15:29
** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability.
Categories: Security News

CVE-2017-15519

National Vulnerability Database - Tue, 03/06/2018 - 15:29
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation.
Categories: Security News

CVE-2018-1343

National Vulnerability Database - Tue, 03/06/2018 - 15:29
PAM exposure enabling unauthenticated access to remote host
Categories: Security News

CVE-2018-5729

National Vulnerability Database - Tue, 03/06/2018 - 15:29
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
Categories: Security News

Pages