Security News

CVE-2018-11670

National Vulnerability Database - Fri, 06/01/2018 - 13:29
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
Categories: Security News

CVE-2018-11671

National Vulnerability Database - Fri, 06/01/2018 - 13:29
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.

CVE-2018-3743

National Vulnerability Database - Fri, 06/01/2018 - 13:29
Open redirect in hekto <=0.2.3 when the target domain name is used as an HTML filename on the server.

CVE-2018-3746

National Vulnerability Database - Fri, 06/01/2018 - 13:29
The pdfinfojs NPM module, versions <= 0.3.6, has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.

CVE-2018-3755

National Vulnerability Database - Fri, 06/01/2018 - 13:29
XSS in sexstatic <=0.6.2: HTML injection in directory name(s) leads to stored XSS when a malicious file is embedded with an <iframe> element used in the directory name.

CVE-2017-2852

National Vulnerability Database - Fri, 06/01/2018 - 11:29
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2017-2858

National Vulnerability Database - Fri, 06/01/2018 - 11:29
An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2017-2860

National Vulnerability Database - Fri, 06/01/2018 - 11:29
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2018-11485

National Vulnerability Database - Fri, 06/01/2018 - 11:29
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.

CVE-2018-11486

National Vulnerability Database - Fri, 06/01/2018 - 11:29
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page.

CVE-2018-11628

National Vulnerability Database - Fri, 06/01/2018 - 11:29
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.

CVE-2018-11652

National Vulnerability Database - Fri, 06/01/2018 - 11:29
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

CVE-2018-11655

National Vulnerability Database - Fri, 06/01/2018 - 11:29
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.

CVE-2018-11656

National Vulnerability Database - Fri, 06/01/2018 - 11:29
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.

CVE-2018-11657

National Vulnerability Database - Fri, 06/01/2018 - 11:29
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.

CVE-2017-17171

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Some Huawei smart phones have a denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. A successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in a system restart.

CVE-2017-6153

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 systems that utilize inflate functionality directly, via an iRule, or via the inflate code from the PEM module are subject to service disruption via a "Zip Bomb" attack.

CVE-2018-11649

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Hue 3.12 has XSS via the /pig/save/ name and script parameters.

CVE-2018-11650

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.

CVE-2018-11651

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.
