Security News

CVE-2017-16635

National Vulnerability Database - Mon, 11/06/2017 - 17:29
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create.
Categories: Security News

CVE-2017-16636

National Vulnerability Database - Mon, 11/06/2017 - 17:29
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.
Categories: Security News

CVE-2017-16637

National Vulnerability Database - Mon, 11/06/2017 - 17:29
In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers.
Categories: Security News

CVE-2017-15306

National Vulnerability Database - Mon, 11/06/2017 - 13:29
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
Categories: Security News

CVE-2015-7529

National Vulnerability Database - Mon, 11/06/2017 - 12:29
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
Categories: Security News

CVE-2015-7878

National Vulnerability Database - Mon, 11/06/2017 - 12:29
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.
Categories: Security News

CVE-2017-11177

National Vulnerability Database - Mon, 11/06/2017 - 12:29
TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.
Categories: Security News

CVE-2017-15672

National Vulnerability Database - Mon, 11/06/2017 - 12:29
The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
Categories: Security News

CVE-2017-16001

National Vulnerability Database - Mon, 11/06/2017 - 12:29
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
Categories: Security News

CVE-2017-7425

National Vulnerability Database - Mon, 11/06/2017 - 12:29
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
Categories: Security News

Bugtraq: CVE-2017-9096 iText XML External Entity Vulnerability

SecurityFocus Vulnerabilities - Mon, 11/06/2017 - 12:20
CVE-2017-9096 iText XML External Entity Vulnerability
Categories: Security News

Bugtraq: [SECURITY] [DSA 4019-1] imagemagick security update

SecurityFocus Vulnerabilities - Mon, 11/06/2017 - 12:20
[SECURITY] [DSA 4019-1] imagemagick security update
Categories: Security News

Bugtraq: Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 22

SecurityFocus Vulnerabilities - Mon, 11/06/2017 - 12:20
Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 22
Categories: Security News

Bugtraq: Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec)

SecurityFocus Vulnerabilities - Mon, 11/06/2017 - 12:20
Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec)
Categories: Security News

CVE-2017-15039

National Vulnerability Database - Mon, 11/06/2017 - 03:29
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
Categories: Security News

CVE-2017-16524

National Vulnerability Database - Mon, 11/06/2017 - 03:29
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
Categories: Security News

CVE-2017-16563

National Vulnerability Database - Mon, 11/06/2017 - 03:29
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.
Categories: Security News

CVE-2017-16564

National Vulnerability Database - Mon, 11/06/2017 - 03:29
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
Categories: Security News

CVE-2017-16565

National Vulnerability Database - Mon, 11/06/2017 - 03:29
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.
Categories: Security News

CVE-2017-16569

National Vulnerability Database - Mon, 11/06/2017 - 03:29
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
Categories: Security News

Pages