Security News

CVE-2018-15209

National Vulnerability Database - Wed, 08/08/2018 - 00:29
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
Categories: Security News

Vuln: Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 08/08/2018 - 00:00

Vuln: Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 08/08/2018 - 00:00

CVE-2018-15197

National Vulnerability Database - Tue, 08/07/2018 - 23:29
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can grant administrator privileges.

CVE-2018-15198

National Vulnerability Database - Tue, 08/07/2018 - 23:29
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.

CVE-2018-15199

National Vulnerability Database - Tue, 08/07/2018 - 23:29
AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action.

CVE-2018-15192

National Vulnerability Database - Tue, 08/07/2018 - 22:29
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.

CVE-2018-15193

National Vulnerability Database - Tue, 08/07/2018 - 22:29
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue or link.

CVE-2018-15175

National Vulnerability Database - Tue, 08/07/2018 - 20:29
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.

CVE-2018-15176

National Vulnerability Database - Tue, 08/07/2018 - 20:29
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file.

CVE-2018-15177

National Vulnerability Database - Tue, 08/07/2018 - 20:29
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.

CVE-2018-15178

National Vulnerability Database - Tue, 08/07/2018 - 20:29
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
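The /\ trick works because browsers normalise a backslash to a forward slash when resolving a Location header, so a check that only rejects targets beginning with // still lets /\evil.example through as a protocol-relative URL to another host. The following is an added example and not Gogs' code: a naive check of that shape next to a stricter one that rejects backslashes and any target carrying a scheme, host or userinfo. Function names and the test URLs are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveIsValidRedirect has the shape of a typical "must be a local path"
// check: starts with "/" but not "//". It accepts "/\evil.example", which a
// browser resolves as "//evil.example", i.e. a different host.
func naiveIsValidRedirect(target string) bool {
	return len(target) >= 2 && target[0] == '/' && target[1] != '/'
}

// SafeIsValidRedirect accepts only same-origin absolute paths.
func SafeIsValidRedirect(target string) bool {
	if target == "" || target[0] != '/' {
		return false // relative paths and absolute URLs are out
	}
	if len(target) > 1 && (target[1] == '/' || target[1] == '\\') {
		return false // protocol-relative, in either spelling
	}
	if strings.ContainsAny(target, "\\\r\n") {
		return false // backslashes normalise to "/"; CR/LF would split headers
	}
	u, err := url.Parse(target)
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil {
		return false
	}
	return true
}

func main() {
	for _, target := range []string{
		"/user/settings",
		"/repo?tab=issues#top",
		"//evil.example/login",
		"/\\evil.example/login",
		"https://evil.example/",
		"user/settings",
	} {
		fmt.Printf("%-28q naive=%-5v safe=%v\n", target,
			naiveIsValidRedirect(target), SafeIsValidRedirect(target))
	}
}
```

Parsing with net/url alone is not enough here: url.Parse keeps "/\evil.example" as a plain path with an empty Host, so the backslash has to be rejected explicitly, and the same applies to any other character the browser's URL parser treats differently from the server's.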

CVE-2018-15137

National Vulnerability Database - Tue, 08/07/2018 - 20:29
CeLa Link CLR-M20 devices allow unauthorized users to upload arbitrary files (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which leads to remote code execution. The WebDAV feature makes this possible: arbitrary files can be written to the device with the HTTP PUT method.

CVE-2018-15168

National Vulnerability Database - Tue, 08/07/2018 - 20:29
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.

CVE-2018-15169

National Vulnerability Database - Tue, 08/07/2018 - 20:29
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.

CVE-2018-15173

National Vulnerability Database - Tue, 08/07/2018 - 20:29
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.

CVE-2018-15174

National Vulnerability Database - Tue, 08/07/2018 - 20:29
XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file.

CVE-2013-7464

National Vulnerability Database - Tue, 08/07/2018 - 20:29
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the anti-CSRF token is predictable and lets an attacker bypass the CSRF protection, because no automatically generated secret is used in its place.
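The CSRF entries above (OneThink, Gogs, Gxlcms and csrf-magic) share one root cause: a state-changing admin request is accepted without proof that it originated from the application's own pages, or the proof is a token an attacker can compute. The following is an added example in Go, not code from any of those projects: a session-bound HMAC token with a per-deployment secret that the application refuses to start without, instead of quietly falling back to a derivable one. Function and session names are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// CSRFKey is the per-deployment secret from which tokens are derived.
type CSRFKey []byte

// NewKey generates a fresh 256-bit secret, to be stored in the deployment's
// configuration once and reused across restarts.
func NewKey() (CSRFKey, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return CSRFKey(k), nil
}

// LoadKey is what the application calls at startup. An absent or short secret
// is a hard error: silently deriving tokens from something an attacker can
// also observe is exactly what makes them predictable.
func LoadKey(configured []byte) (CSRFKey, error) {
	if len(configured) < 32 {
		return nil, errors.New("csrf secret missing or shorter than 32 bytes")
	}
	return CSRFKey(configured), nil
}

// Token derives the token for a session. Binding it to the session id means a
// token the attacker mints in their own session is useless against the
// victim's, and the server keeps no per-token state.
func (k CSRFKey) Token(sessionID string) string {
	mac := hmac.New(sha256.New, k)
	mac.Write([]byte("csrf-v1:")) // domain separation from other HMAC uses of the key
	mac.Write([]byte(sessionID))
	return hex.EncodeToString(mac.Sum(nil))
}

// Verify runs on every state-changing request (POST/PUT/DELETE) before the
// handler does, comparing in constant time.
func (k CSRFKey) Verify(sessionID, presented string) bool {
	return hmac.Equal([]byte(k.Token(sessionID)), []byte(presented))
}

func main() {
	if _, err := LoadKey(nil); err != nil {
		fmt.Println("startup refused:", err)
	}
	key, _ := NewKey()
	victim, attacker := "sess-victim", "sess-attacker" // constructed session ids
	form := key.Token(victim) // embedded as a hidden field in the victim's admin form
	fmt.Println("victim submits own token:   ", key.Verify(victim, form))
	fmt.Println("attacker replays own token: ", key.Verify(victim, key.Token(attacker)))
	fmt.Println("attacker sends no token:    ", key.Verify(victim, ""))
}
```

A cross-site form can only carry values the attacker already knows; since the victim's session id is in an HttpOnly cookie and the secret never leaves the server, the attacker cannot produce the token the admin endpoint demands.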

CVE-2018-5383

National Vulnerability Database - Tue, 08/07/2018 - 17:29
Bluetooth firmware or operating system software drivers in macOS versions before 10.13 High Sierra, iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate the elliptic curve public key received from the peer during the Diffie-Hellman key exchange used for pairing (the point is not checked to lie on the curve), which may allow a remote attacker within Bluetooth range to obtain the encryption key used by the device.
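This is an invalid-curve attack: if the pairing code multiplies its private scalar by whatever point the peer sends, a nearby attacker can send a point that is not on the curve and make the resulting shared key predictable. Added example in Go (not Apple's, Google's or any Bluetooth stack's code): explicit validation of an uncompressed P-256 point before ECDH, with crypto/ecdh's own on-curve check as a second gate. Function names and the tampered test point are assumptions constructed for the demo.

```go
package main

import (
	"crypto/ecdh"
	"crypto/elliptic"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// ValidateP256Point checks an uncompressed SEC 1 point (0x04 || X || Y)
// before it is fed to ECDH: both coordinates in [0, p) and
// y^2 == x^3 - 3x + b (mod p). P-256 has cofactor 1, so an on-curve point is
// automatically in the prime-order subgroup; the point at infinity has no
// 65-byte encoding and is rejected by the length check.
func ValidateP256Point(pub []byte) error {
	params := elliptic.P256().Params()
	if len(pub) != 65 || pub[0] != 0x04 {
		return errors.New("not an uncompressed P-256 point")
	}
	x := new(big.Int).SetBytes(pub[1:33])
	y := new(big.Int).SetBytes(pub[33:65])
	p := params.P
	if x.Cmp(p) >= 0 || y.Cmp(p) >= 0 {
		return errors.New("coordinate out of range")
	}
	lhs := new(big.Int).Mul(y, y) // y^2
	lhs.Mod(lhs, p)
	rhs := new(big.Int).Mul(x, x)
	rhs.Mul(rhs, x)                                  // x^3
	rhs.Sub(rhs, new(big.Int).Mul(x, big.NewInt(3))) // - 3x
	rhs.Add(rhs, params.B)                           // + b
	rhs.Mod(rhs, p)                                  // big.Int.Mod is Euclidean, so never negative
	if lhs.Cmp(rhs) != 0 {
		return errors.New("point is not on P-256")
	}
	return nil
}

// SharedSecret runs ECDH only after the peer's point passes validation.
// ecdh.P256().NewPublicKey performs the same on-curve check; doing it
// explicitly first keeps the rejection visible and auditable in pairing code.
func SharedSecret(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	if err := ValidateP256Point(peerPub); err != nil {
		return nil, fmt.Errorf("rejecting peer key: %w", err)
	}
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// TamperY flips the low bit of the Y coordinate, giving a point that is not
// on the curve (except with negligible probability). Constructed for the demo.
func TamperY(pub []byte) []byte {
	bad := append([]byte(nil), pub...)
	bad[64] ^= 0x01
	return bad
}

func main() {
	alice, _ := ecdh.P256().GenerateKey(rand.Reader)
	bob, _ := ecdh.P256().GenerateKey(rand.Reader)
	if s, err := SharedSecret(alice, bob.PublicKey().Bytes()); err == nil {
		fmt.Printf("honest peer: shared secret %x...\n", s[:8])
	}
	if _, err := SharedSecret(alice, TamperY(bob.PublicKey().Bytes())); err != nil {
		fmt.Println("tampered peer:", err)
	}
}
```

The same check belongs in any code that accepts a raw ECDH point from the wire, whatever the transport; a library that validates for you is the second line of defence, not a reason to skip the first.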

Bugtraq: FreeBSD Security Advisory FreeBSD-SA-18:08.tcp

SecurityFocus Vulnerabilities - Tue, 08/07/2018 - 16:20