Security News

CVE-2018-16703

National Vulnerability Database - Fri, 09/07/2018 - 13:29
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI.
Categories: Security News

CVE-2018-16704

National Vulnerability Database - Fri, 09/07/2018 - 13:29
An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged-in users) to view the profile pages of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.

CVE-2016-9044

National Vulnerability Database - Fri, 09/07/2018 - 13:29
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1. A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability.

CVE-2018-16663

National Vulnerability Database - Fri, 09/07/2018 - 13:29
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations).

CVE-2018-16664

National Vulnerability Database - Fri, 09/07/2018 - 13:29
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).

CVE-2018-16665

National Vulnerability Database - Fri, 09/07/2018 - 13:29
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c.

CVE-2018-16666

National Vulnerability Database - Fri, 09/07/2018 - 13:29
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string).

CVE-2018-16667

National Vulnerability Database - Fri, 09/07/2018 - 13:29
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union).

CVE-2017-2792

National Vulnerability Database - Fri, 09/07/2018 - 12:29
An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability.

CVE-2017-2795

National Vulnerability Database - Fri, 09/07/2018 - 12:29
An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.

CVE-2018-3952

National Vulnerability Database - Fri, 09/07/2018 - 11:29
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.

CVE-2018-4010

National Vulnerability Database - Fri, 09/07/2018 - 11:29
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges.

CVE-2017-1114

National Vulnerability Database - Fri, 09/07/2018 - 11:29
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.

CVE-2017-1115

National Vulnerability Database - Fri, 09/07/2018 - 11:29
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.

CVE-2018-1567

National Vulnerability Database - Fri, 09/07/2018 - 11:29
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.

CVE-2018-1756

National Vulnerability Database - Fri, 09/07/2018 - 11:29
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599.

CVE-2018-1757

National Vulnerability Database - Fri, 09/07/2018 - 11:29
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601.

CVE-2018-1789

National Vulnerability Database - Fri, 09/07/2018 - 11:29
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

CVE-2018-0662

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code.

CVE-2018-0663

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials, which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via an unspecified vector.
