Security News

CVE-2018-10904

National Vulnerability Database - Tue, 09/04/2018 - 09:29
It was found that the glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute, which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
Categories: Security News

CVE-2018-0675

National Vulnerability Database - Tue, 09/04/2018 - 09:29
AttacheCase ver.3.3.0.0 and earlier allows arbitrary script execution via unspecified vectors.

CVE-2018-0674

National Vulnerability Database - Tue, 09/04/2018 - 09:29
AttacheCase ver.2.8.4.0 and earlier allows arbitrary script execution via unspecified vectors.

CVE-2018-0672

National Vulnerability Database - Tue, 09/04/2018 - 09:29
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-0664

National Vulnerability Database - Tue, 09/04/2018 - 09:29
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.

CVE-2018-0656

National Vulnerability Database - Tue, 09/04/2018 - 09:29
Untrusted search path vulnerability in the installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-0646

National Vulnerability Database - Tue, 09/04/2018 - 09:29
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.

CVE-2018-14627

National Vulnerability Database - Tue, 09/04/2018 - 08:29
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>

CVE-2018-16458

National Vulnerability Database - Tue, 09/04/2018 - 07:29
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article.

CVE-2018-16450

National Vulnerability Database - Tue, 09/04/2018 - 00:29
CraftedWeb through 2013-09-24 has reflected XSS via the p parameter.

CVE-2018-16444

National Vulnerability Database - Tue, 09/04/2018 - 00:29
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.

CVE-2018-16445

National Vulnerability Database - Tue, 09/04/2018 - 00:29
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.

CVE-2018-16446

National Vulnerability Database - Tue, 09/04/2018 - 00:29
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.

CVE-2018-16447

National Vulnerability Database - Tue, 09/04/2018 - 00:29
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.

CVE-2018-16448

National Vulnerability Database - Tue, 09/04/2018 - 00:29
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.

CVE-2018-16449

National Vulnerability Database - Tue, 09/04/2018 - 00:29
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html.

Vuln: Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 09/04/2018 - 00:00
Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities

CVE-2018-16432

National Vulnerability Database - Mon, 09/03/2018 - 20:29
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login.

CVE-2018-16435

National Vulnerability Database - Mon, 09/03/2018 - 20:29
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

CVE-2018-16438

National Vulnerability Database - Mon, 09/03/2018 - 20:29
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in H5L_extern_query at H5Lexternal.c.
