Security News

CVE-2017-1000193

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
Categories: Security News

CVE-2017-1000194

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
Categories: Security News

CVE-2017-1000195

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
Categories: Security News

CVE-2017-1000196

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.
Categories: Security News

CVE-2017-1000197

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
Categories: Security News

CVE-2017-1000198

National Vulnerability Database - Thu, 11/16/2017 - 21:29
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
Categories: Security News

CVE-2017-1000199

National Vulnerability Database - Thu, 11/16/2017 - 21:29
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.
Categories: Security News

CVE-2017-1000200

National Vulnerability Database - Thu, 11/16/2017 - 21:29
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service
Categories: Security News

CVE-2017-1000174

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, an address access exception was found in swfdump swf_GetBits().
Categories: Security News

CVE-2017-1000176

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, a memcpy buffer overflow was found in swfc.
Categories: Security News

CVE-2017-1000182

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, a memory leak was found in wav2swf.
Categories: Security News

CVE-2017-1000185

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, a memcpy buffer overflow was found in gif2swf.
Categories: Security News

CVE-2017-1000186

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, a stack overflow was found in pdf2swf.
Categories: Security News

CVE-2017-1000187

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()
Categories: Security News

CVE-2017-1000210

National Vulnerability Database - Thu, 11/16/2017 - 20:29
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack
Categories: Security News

CVE-2017-1000213

National Vulnerability Database - Thu, 11/16/2017 - 20:29
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
Categories: Security News

CVE-2017-1000220

National Vulnerability Database - Thu, 11/16/2017 - 20:29
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution
Categories: Security News

CVE-2017-1000218

National Vulnerability Database - Thu, 11/16/2017 - 19:29
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.
Categories: Security News

CVE-2017-1000219

National Vulnerability Database - Thu, 11/16/2017 - 19:29
npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user
Categories: Security News

CVE-2017-1000224

National Vulnerability Database - Thu, 11/16/2017 - 19:29
CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin
Categories: Security News

Pages