Security News

CVE-2017-16835

National Vulnerability Database - Tue, 02/20/2018 - 01:29
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.
Categories: Security News

CVE-2017-18192

National Vulnerability Database - Tue, 02/20/2018 - 01:29
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.

Vuln: Apple iOS/WatchOS/macOS/tvOS CVE-2018-4124 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/20/2018 - 00:00

Vuln: ABB netCADOPS Web Application CVE-2018-5477 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/20/2018 - 00:00

Bugtraq: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 20:20

Bugtraq: Kentico CMS version 9 through 11 - Arbitrary Code Execution

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 20:20

Bugtraq: [SECURITY] [DSA 4118-1] tomcat-native security update

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 20:20

Bugtraq: [SECURITY] [DSA 4117-1] gcc-4.9 security update

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 20:20

CVE-2018-7259

National Vulnerability Database - Mon, 02/19/2018 - 19:29
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.

CVE-2018-7253

National Vulnerability Database - Mon, 02/19/2018 - 18:29
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.

CVE-2018-7254

National Vulnerability Database - Mon, 02/19/2018 - 18:29
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

CVE-2018-7251

National Vulnerability Database - Mon, 02/19/2018 - 17:29
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.

CVE-2016-10007

National Vulnerability Database - Mon, 02/19/2018 - 16:29
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.

CVE-2016-10008

National Vulnerability Database - Mon, 02/19/2018 - 16:29
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.

CVE-2018-5763

National Vulnerability Database - Mon, 02/19/2018 - 16:29
An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used.

CVE-2010-0109

National Vulnerability Database - Mon, 02/19/2018 - 14:29
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.

CVE-2011-3477

National Vulnerability Database - Mon, 02/19/2018 - 14:29
GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.

CVE-2012-0771

National Vulnerability Database - Mon, 02/19/2018 - 14:29
Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759.

CVE-2014-3972

National Vulnerability Database - Mon, 02/19/2018 - 14:29
Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.

CVE-2015-2324

National Vulnerability Database - Mon, 02/19/2018 - 14:29
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
