Security News

CVE-2018-18890

National Vulnerability Database - Wed, 10/31/2018 - 21:29
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
Categories: Security News

CVE-2018-18891

National Vulnerability Database - Wed, 10/31/2018 - 21:29
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.

CVE-2018-18892

National Vulnerability Database - Wed, 10/31/2018 - 21:29
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.

CVE-2018-18883

National Vulnerability Database - Wed, 10/31/2018 - 20:29
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.

CVE-2016-6328

National Vulnerability Database - Wed, 10/31/2018 - 18:29
A vulnerability was found in libexif: an integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).

CVE-2018-14651

National Vulnerability Database - Wed, 10/31/2018 - 18:29
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

CVE-2018-15705

National Vulnerability Database - Wed, 10/31/2018 - 18:29
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

CVE-2018-15706

National Vulnerability Database - Wed, 10/31/2018 - 18:29
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.

CVE-2018-15707

National Vulnerability Database - Wed, 10/31/2018 - 18:29
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.

CVE-2016-2125

National Vulnerability Database - Wed, 10/31/2018 - 16:29
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

CVE-2018-11759

National Vulnerability Database - Wed, 10/31/2018 - 16:29
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

CVE-2018-14661

National Vulnerability Database - Wed, 10/31/2018 - 16:29
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

CVE-2018-14652

National Vulnerability Database - Wed, 10/31/2018 - 15:29
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.

CVE-2018-14653

National Vulnerability Database - Wed, 10/31/2018 - 15:29
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.

CVE-2018-14654

National Vulnerability Database - Wed, 10/31/2018 - 15:29
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

CVE-2018-14659

National Vulnerability Database - Wed, 10/31/2018 - 15:29
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

CVE-2018-16842

National Vulnerability Database - Wed, 10/31/2018 - 15:29
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

CVE-2018-16839

National Vulnerability Database - Wed, 10/31/2018 - 14:29
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

CVE-2018-16840

National Vulnerability Database - Wed, 10/31/2018 - 14:29
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

CVE-2018-13281

National Vulnerability Database - Wed, 10/31/2018 - 12:29
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.
