Security News

CVE-2017-1000169

National Vulnerability Database - Fri, 11/17/2017 - 13:29
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.
Categories: Security News

CVE-2017-1000170

National Vulnerability Database - Fri, 11/17/2017 - 13:29
jqueryFileTree 2.1.5 and older Directory Traversal
Categories: Security News

CVE-2017-13700

National Vulnerability Database - Fri, 11/17/2017 - 13:29
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.
Categories: Security News

CVE-2017-13702

National Vulnerability Database - Fri, 11/17/2017 - 13:29
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
Categories: Security News

CVE-2017-13703

National Vulnerability Database - Fri, 11/17/2017 - 13:29
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.
Categories: Security News

CVE-2017-1000191

National Vulnerability Database - Fri, 11/17/2017 - 12:29
Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.
Categories: Security News

CVE-2017-1000192

National Vulnerability Database - Fri, 11/17/2017 - 12:29
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information.
Categories: Security News

CVE-2017-16819

National Vulnerability Database - Fri, 11/17/2017 - 12:29
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.
Categories: Security News

CVE-2017-16877

National Vulnerability Database - Fri, 11/17/2017 - 12:29
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
Categories: Security News

CVE-2017-16875

National Vulnerability Database - Fri, 11/17/2017 - 11:29
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
Categories: Security News

CVE-2017-1000203

National Vulnerability Database - Fri, 11/17/2017 - 10:29
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
Categories: Security News

CVE-2017-1000206

National Vulnerability Database - Fri, 11/17/2017 - 10:29
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution
Categories: Security News

CVE-2017-1000211

National Vulnerability Database - Fri, 11/17/2017 - 10:29
Lynx version 2.8.8 and older is vulnerable to a use after free in the HTML parser resulting in memory disclosure.
Categories: Security News

CVE-2017-1000212

National Vulnerability Database - Fri, 11/17/2017 - 10:29
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.
Categories: Security News

CVE-2017-10886

National Vulnerability Database - Fri, 11/17/2017 - 09:29
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Categories: Security News

CVE-2017-10887

National Vulnerability Database - Fri, 11/17/2017 - 09:29
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: Security News

CVE-2017-10888

National Vulnerability Database - Fri, 11/17/2017 - 09:29
BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors.
Categories: Security News

CVE-2017-10889

National Vulnerability Database - Fri, 11/17/2017 - 09:29
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
Categories: Security News

CVE-2017-10890

National Vulnerability Database - Fri, 11/17/2017 - 09:29
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.
Categories: Security News

CVE-2017-4927

National Vulnerability Database - Fri, 11/17/2017 - 09:29
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
Categories: Security News

Pages