Security News

CVE-2017-7525

National Vulnerability Database - Tue, 02/06/2018 - 10:29
A deserialization flaw was discovered in jackson-databind versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.
Categories: Security News

CVE-2018-6288

National Vulnerability Database - Tue, 02/06/2018 - 10:29
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.

CVE-2018-6289

National Vulnerability Database - Tue, 02/06/2018 - 10:29
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.

CVE-2018-6290

National Vulnerability Database - Tue, 02/06/2018 - 10:29
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.

CVE-2018-6291

National Vulnerability Database - Tue, 02/06/2018 - 10:29
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.

CVE-2013-4317

National Vulnerability Database - Tue, 02/06/2018 - 09:29
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.

CVE-2016-6813

National Vulnerability Database - Tue, 02/06/2018 - 09:29
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.

CVE-2018-6466

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php.

CVE-2018-6467

National Vulnerability Database - Tue, 02/06/2018 - 09:29
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.

CVE-2018-6468

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.

CVE-2018-6469

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.

CVE-2018-6656

National Vulnerability Database - Tue, 02/06/2018 - 09:29
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories.

CVE-2017-6169

National Vulnerability Database - Tue, 02/06/2018 - 08:29
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.

CVE-2017-6258

National Vulnerability Database - Tue, 02/06/2018 - 08:29
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258.

CVE-2017-6279

National Vulnerability Database - Tue, 02/06/2018 - 08:29
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279.

Bugtraq: [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 02/06/2018 - 08:20
[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities

Vuln: Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/06/2018 - 00:00
Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerability

CVE-2018-6654

National Vulnerability Database - Mon, 02/05/2018 - 20:29
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.

CVE-2018-6569

National Vulnerability Database - Mon, 02/05/2018 - 19:29
West Wind Web Server 6.x does not require authentication for /ADMIN.ASP.

CVE-2018-6609

National Vulnerability Database - Mon, 02/05/2018 - 17:29
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
