Security News

CVE-2018-14873

National Vulnerability Database - Thu, 08/02/2018 - 20:29
An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php.
Categories: Security News

CVE-2018-14876

National Vulnerability Database - Thu, 08/02/2018 - 20:29
An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width.
Categories: Security News

CVE-2018-14877

National Vulnerability Database - Thu, 08/02/2018 - 20:29
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.
Categories: Security News

CVE-2017-6213

National Vulnerability Database - Thu, 08/02/2018 - 17:29
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
Categories: Security News

CVE-2017-6215

National Vulnerability Database - Thu, 08/02/2018 - 17:29
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
Categories: Security News

CVE-2018-14858

National Vulnerability Database - Thu, 08/02/2018 - 16:29
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.
Categories: Security News

CVE-2017-14444

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.
Categories: Security News

CVE-2017-14445

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.
Categories: Security News

CVE-2017-14446

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this vulnerability.
Categories: Security News

CVE-2017-16338

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
Categories: Security News

CVE-2017-16339

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sending anything longer will cause a buffer overflow.
Categories: Security News

CVE-2017-16340

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow.
Categories: Security News

CVE-2017-16341

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.
Categories: Security News

CVE-2017-16342

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
Categories: Security News

CVE-2017-16343

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
Categories: Security News

CVE-2017-16344

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
Categories: Security News

CVE-2017-16345

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
Categories: Security News

CVE-2017-16346

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
Categories: Security News

CVE-2017-16347

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.
Categories: Security News

CVE-2017-16349

National Vulnerability Database - Thu, 08/02/2018 - 15:29
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.
Categories: Security News

Pages