Security News

CVE-2018-0661

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration.
Categories: Security News

CVE-2018-0644

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors.

CVE-2018-0645

National Vulnerability Database - Fri, 09/07/2018 - 10:29
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.

CVE-2018-0647

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2018-0648

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-0649

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-0650

National Vulnerability Database - Fri, 09/07/2018 - 10:29
The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2018-0652

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page.

CVE-2018-0623

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products.

CVE-2018-0624

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.

CVE-2018-0642

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-0643

National Vulnerability Database - Fri, 09/07/2018 - 10:29
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

CVE-2016-9040

National Vulnerability Database - Fri, 09/07/2018 - 08:29
An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited, this will result in memory exhaustion, resulting in a full system denial of service.

CVE-2018-16650

National Vulnerability Database - Fri, 09/07/2018 - 01:29
phpMyFAQ before 2.9.11 allows CSRF.

CVE-2018-16651

National Vulnerability Database - Fri, 09/07/2018 - 01:29
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.

CVE-2018-16653

National Vulnerability Database - Fri, 09/07/2018 - 01:29
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter.

CVE-2018-16654

National Vulnerability Database - Fri, 09/07/2018 - 01:29
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.

CVE-2018-16655

National Vulnerability Database - Fri, 09/07/2018 - 01:29
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.

CVE-2018-6320

National Vulnerability Database - Thu, 09/06/2018 - 19:29
A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.

CVE-2018-16261

National Vulnerability Database - Thu, 09/06/2018 - 19:29
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.
