Security News

CVE-2018-19052

National Vulnerability Database - Wed, 11/07/2018 - 00:29
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
Categories: Security News

CVE-2018-19053

National Vulnerability Database - Wed, 11/07/2018 - 00:29
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code.

Vuln: Microsoft Office CVE-2017-11882 Memory Corruption Vulnerability

SecurityFocus Vulnerabilities - Wed, 11/07/2018 - 00:00
Microsoft Office CVE-2017-11882 Memory Corruption Vulnerability

Vuln: Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 11/07/2018 - 00:00
Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability

Vuln: Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 11/07/2018 - 00:00
Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability

CVE-2018-19050

National Vulnerability Database - Tue, 11/06/2018 - 23:29
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.

CVE-2018-19051

National Vulnerability Database - Tue, 11/06/2018 - 23:29
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.

CVE-2018-12411

National Vulnerability Database - Tue, 11/06/2018 - 18:29
The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0.

CVE-2018-12412

National Vulnerability Database - Tue, 11/06/2018 - 18:29
The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0.

CVE-2018-12413

National Vulnerability Database - Tue, 11/06/2018 - 18:29
The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.

CVE-2018-12414

National Vulnerability Database - Tue, 11/06/2018 - 18:29
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.

CVE-2018-12415

National Vulnerability Database - Tue, 11/06/2018 - 18:29
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Messaging Service, TIBCO Enterprise Messaging Service - Community Edition, and TIBCO Enterprise Messaging Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Messaging Service: versions up to and including 8.4.0, TIBCO Enterprise Messaging Service - Community Edition: versions up to and including 8.4.0, and TIBCO Enterprise Messaging Service - Developer Edition: versions up to and including 8.4.0.

CVE-2018-14667

National Vulnerability Database - Tue, 11/06/2018 - 17:29
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

CVE-2018-17186

National Vulnerability Database - Tue, 11/06/2018 - 15:29
An administrator with workflow definition entitlements can use a DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

CVE-2018-16472

National Vulnerability Database - Tue, 11/06/2018 - 14:29
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype, which are then inherited by all JS objects through the prototype chain, causing a DoS.

CVE-2018-16473

National Vulnerability Database - Tue, 11/06/2018 - 14:29
A path traversal in the takeapeek module, versions <=0.2.2, allows an attacker to list directories and files.

CVE-2018-16474

National Vulnerability Database - Tue, 11/06/2018 - 14:29
A stored XSS in the tianma-static module, versions <=1.0.4, allows an attacker to execute arbitrary JavaScript.

CVE-2018-16475

National Vulnerability Database - Tue, 11/06/2018 - 14:29
A path traversal in Knightjs versions <= 0.0.1 allows an attacker to read the content of arbitrary files on a remote server.

CVE-2018-17184

National Vulnerability Database - Tue, 11/06/2018 - 14:29
A malicious user with enough administration entitlements can inject HTML-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys, and Policy descriptions. When another user with enough administration entitlements edits one of the entities above via the Admin Console, the injected JavaScript code is executed.

CVE-2018-9445

National Vulnerability Database - Tue, 11/06/2018 - 12:29
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257.