Security News

CVE-2018-10505

National Vulnerability Database - Fri, 06/08/2018 - 10:29
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Categories: Security News

CVE-2018-10506

National Vulnerability Database - Fri, 06/08/2018 - 10:29
An out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2018-12066

National Vulnerability Database - Fri, 06/08/2018 - 10:29
BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.

CVE-2018-8916

National Vulnerability Database - Fri, 06/08/2018 - 09:29
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

CVE-2018-8925

National Vulnerability Database - Fri, 06/08/2018 - 09:29
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.

CVE-2018-8926

National Vulnerability Database - Fri, 06/08/2018 - 09:29
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

CVE-2011-3172

National Vulnerability Database - Fri, 06/08/2018 - 09:29
A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE SUSE Linux Enterprise: versions prior to 12.

CVE-2017-12075

National Vulnerability Database - Fri, 06/08/2018 - 09:29
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary commands via the username parameter.

CVE-2017-12078

National Vulnerability Database - Fri, 06/08/2018 - 09:29
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary commands via the username parameter.

CVE-2017-1405

National Vulnerability Database - Fri, 06/08/2018 - 09:29
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.

CVE-2018-1453

National Vulnerability Database - Fri, 06/08/2018 - 09:29
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.

CVE-2018-10088

National Vulnerability Database - Fri, 06/08/2018 - 08:29
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.

CVE-2018-11409

National Vulnerability Database - Fri, 06/08/2018 - 08:29
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.

CVE-2018-12064

National Vulnerability Database - Fri, 06/08/2018 - 08:29
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.

CVE-2018-12065

National Vulnerability Database - Fri, 06/08/2018 - 08:29
A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.

CVE-2018-12055

National Vulnerability Database - Fri, 06/08/2018 - 07:29
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.

CVE-2018-12051

National Vulnerability Database - Fri, 06/08/2018 - 07:29
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.

CVE-2018-12052

National Vulnerability Database - Fri, 06/08/2018 - 07:29
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.

CVE-2018-12053

National Vulnerability Database - Fri, 06/08/2018 - 07:29
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.

CVE-2018-12054

National Vulnerability Database - Fri, 06/08/2018 - 07:29
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
