Security News

Bugtraq: [security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification

SecurityFocus Vulnerabilities - Wed, 02/14/2018 - 15:20
Categories: Security News

CVE-2017-6229

National Vulnerability Database - Wed, 02/14/2018 - 14:29
Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

CVE-2017-6230

National Vulnerability Database - Wed, 02/14/2018 - 14:29
Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems.

CVE-2018-7039

National Vulnerability Database - Wed, 02/14/2018 - 14:29
CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information.

CVE-2017-18187

National Vulnerability Database - Wed, 02/14/2018 - 12:29
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.

CVE-2018-7034

National Vulnerability Database - Wed, 02/14/2018 - 11:29
TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.

CVE-2017-1499

National Vulnerability Database - Wed, 02/14/2018 - 10:29
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.

CVE-2017-1682

National Vulnerability Database - Wed, 02/14/2018 - 10:29
IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004.

CVE-2018-7032

National Vulnerability Database - Wed, 02/14/2018 - 10:29
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack.

CVE-2018-1287

National Vulnerability Database - Wed, 02/14/2018 - 09:29
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), the JMeter server binds the RMI Registry to the wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code.

CVE-2018-2383

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Reflected cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.

CVE-2018-2384

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.

CVE-2018-2385

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.

CVE-2018-2386

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.

CVE-2018-2387

National Vulnerability Database - Wed, 02/14/2018 - 07:29
A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.

CVE-2018-2388

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Stored cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.

CVE-2018-2389

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.

CVE-2018-2390

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service.

CVE-2018-2391

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service.

CVE-2018-2392

National Vulnerability Database - Wed, 02/14/2018 - 07:29
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
