Security News

CVE-2018-10026

National Vulnerability Database - Wed, 04/11/2018 - 14:29
The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.
Categories: Security News

CVE-2018-10028

National Vulnerability Database - Wed, 04/11/2018 - 14:29
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI.
Categories: Security News

CVE-2017-15327

National Vulnerability Database - Wed, 04/11/2018 - 13:29
S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure.
Categories: Security News

CVE-2017-17308

National Vulnerability Database - Wed, 04/11/2018 - 13:29
SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has an invalid memory access vulnerability. An unauthenticated, remote attacker may send specially crafted packets to the affected products. Due to insufficient validation of packets, successful exploit may cause some services abnormal.
Categories: Security News

CVE-2017-8154

National Vulnerability Database - Wed, 04/11/2018 - 13:29
The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes.
Categories: Security News

CVE-2018-10021

National Vulnerability Database - Wed, 04/11/2018 - 13:29
drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions.
Categories: Security News

CVE-2018-10023

National Vulnerability Database - Wed, 04/11/2018 - 13:29
Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment).
Categories: Security News

CVE-2018-10024

National Vulnerability Database - Wed, 04/11/2018 - 13:29
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
Categories: Security News

CVE-2018-7930

National Vulnerability Database - Wed, 04/11/2018 - 13:29
The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks.
Categories: Security News

CVE-2018-8953

National Vulnerability Database - Wed, 04/11/2018 - 13:29
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
Categories: Security News

CVE-2018-8954

National Vulnerability Database - Wed, 04/11/2018 - 13:29
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request.
Categories: Security News

CVE-2017-14459

National Vulnerability Database - Wed, 04/11/2018 - 12:29
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
Categories: Security News

CVE-2017-2599

National Vulnerability Database - Wed, 04/11/2018 - 12:29
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
Categories: Security News

CVE-2018-1483

National Vulnerability Database - Wed, 04/11/2018 - 12:29
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.
Categories: Security News

CVE-2018-3594

National Vulnerability Database - Wed, 04/11/2018 - 11:29
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings.
Categories: Security News

CVE-2017-18135

National Vulnerability Database - Wed, 04/11/2018 - 11:29
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, in the Wireless Data Service (WDS) module, a buffer overflow can occur.
Categories: Security News

CVE-2017-18136

National Vulnerability Database - Wed, 04/11/2018 - 11:29
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, in the omx aac component, a Use After Free condition may potentially occur.
Categories: Security News

CVE-2017-18137

National Vulnerability Database - Wed, 04/11/2018 - 11:29
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835, while processing the IPv6 pdp address of the pdp context, a buffer overflow can occur.
Categories: Security News

CVE-2017-18138

National Vulnerability Database - Wed, 04/11/2018 - 11:29
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, in GERAN, a buffer overflow may potentially occur.
Categories: Security News

CVE-2017-18139

National Vulnerability Database - Wed, 04/11/2018 - 11:29
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, a buffer overflow vulnerability may potentially exist while making an IMS call.
Categories: Security News

Pages