Security News

CVE-2017-16755

National Vulnerability Database - Mon, 02/19/2018 - 09:29
An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is clicked.
Categories: Security News

CVE-2017-16756

National Vulnerability Database - Mon, 02/19/2018 - 09:29
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.

CVE-2017-18092

National Vulnerability Database - Mon, 02/19/2018 - 09:29
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.

CVE-2017-18093

National Vulnerability Database - Mon, 02/19/2018 - 09:29
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.

CVE-2017-18095

National Vulnerability Database - Mon, 02/19/2018 - 09:29
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version for 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.

CVE-2018-1409

National Vulnerability Database - Mon, 02/19/2018 - 09:29
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.

CVE-2018-1410

National Vulnerability Database - Mon, 02/19/2018 - 09:29
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.

CVE-2018-1411

National Vulnerability Database - Mon, 02/19/2018 - 09:29
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system by crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.

CVE-2018-6591

National Vulnerability Database - Mon, 02/19/2018 - 09:29
Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.

CVE-2018-7219

National Vulnerability Database - Mon, 02/19/2018 - 09:29
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.

CVE-2018-5378

National Vulnerability Database - Mon, 02/19/2018 - 08:29
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

CVE-2018-5379

National Vulnerability Database - Mon, 02/19/2018 - 08:29
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

CVE-2018-5380

National Vulnerability Database - Mon, 02/19/2018 - 08:29
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

CVE-2018-5381

National Vulnerability Database - Mon, 02/19/2018 - 08:29
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

Vuln: Google Chrome CVE-2018-6056 Remote Security Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 00:00
Google Chrome CVE-2018-6056 Remote Security Vulnerability

Vuln: Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 00:00
Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability

CVE-2017-16924

National Vulnerability Database - Sun, 02/18/2018 - 23:29
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.

CVE-2018-6024

National Vulnerability Database - Sun, 02/18/2018 - 15:29
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.

CVE-2018-7212

National Vulnerability Database - Sun, 02/18/2018 - 01:29
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.

CVE-2018-7216

National Vulnerability Database - Sun, 02/18/2018 - 01:29
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.