Security News

CVE-2018-5980

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
Categories: Security News

CVE-2018-5981

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.
Categories: Security News

CVE-2018-5982

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
Categories: Security News

CVE-2018-5983

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
Categories: Security News

CVE-2018-5987

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
Categories: Security News

CVE-2018-5989

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
Categories: Security News

CVE-2018-5990

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
Categories: Security News

CVE-2018-5991

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
Categories: Security News

CVE-2018-5992

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
Categories: Security News

CVE-2018-5993

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
Categories: Security News

CVE-2018-5994

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
Categories: Security News

CVE-2018-3609

National Vulnerability Database - Fri, 02/16/2018 - 17:29
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
Categories: Security News

CVE-2018-6218

National Vulnerability Database - Fri, 02/16/2018 - 17:29
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
Categories: Security News

Bugtraq: [slackware-security] irssi (SSA:2018-046-01)

SecurityFocus Vulnerabilities - Fri, 02/16/2018 - 17:20
[slackware-security] irssi (SSA:2018-046-01)
Categories: Security News

Bugtraq: [SECURITY] [DSA 4115-1] quagga security update

SecurityFocus Vulnerabilities - Fri, 02/16/2018 - 17:20
[SECURITY] [DSA 4115-1] quagga security update
Categories: Security News

Bugtraq: Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

SecurityFocus Vulnerabilities - Fri, 02/16/2018 - 17:20
Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
Categories: Security News

Bugtraq: Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload

SecurityFocus Vulnerabilities - Fri, 02/16/2018 - 17:20
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload
Categories: Security News

CVE-2018-1049

National Vulnerability Database - Fri, 02/16/2018 - 16:29
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
Categories: Security News

CVE-2017-18089

National Vulnerability Database - Fri, 02/16/2018 - 13:29
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.
Categories: Security News

CVE-2017-18090

National Vulnerability Database - Fri, 02/16/2018 - 13:29
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.
Categories: Security News

Pages