Security News

CVE-2015-4412

National Vulnerability Database - Mon, 02/05/2018 - 11:29
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.
Categories: Security News

CVE-2015-4461

National Vulnerability Database - Mon, 02/05/2018 - 11:29
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.
Categories: Security News

CVE-2015-5674

National Vulnerability Database - Mon, 02/05/2018 - 11:29
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected.
Categories: Security News

CVE-2017-9414

National Vulnerability Database - Mon, 02/05/2018 - 11:29
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
Categories: Security News

Bugtraq: [SECURITY] [DSA 4104-1] p7zip security update

SecurityFocus Vulnerabilities - Mon, 02/05/2018 - 07:20
[SECURITY] [DSA 4104-1] p7zip security update
Categories: Security News

Bugtraq: [slackware-security] php (SSA:2018-034-01)

SecurityFocus Vulnerabilities - Mon, 02/05/2018 - 07:20
[slackware-security] php (SSA:2018-034-01)
Categories: Security News

CVE-2018-6461

National Vulnerability Database - Mon, 02/05/2018 - 02:29
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.
Categories: Security News

Vuln: RETIRED: Siemens TeleControl Server Basic Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 02/05/2018 - 00:00
RETIRED: Siemens TeleControl Server Basic Multiple Security Vulnerabilities
Categories: Security News

Vuln: Siemens TeleControl Server Basic CVE-2018-4835 Authentication Bypass Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/05/2018 - 00:00
Siemens TeleControl Server Basic CVE-2018-4835 Authentication Bypass Vulnerability
Categories: Security News

CVE-2018-5787

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
Categories: Security News

CVE-2018-5788

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
Categories: Security News

CVE-2018-5789

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.
Categories: Security News

CVE-2018-5790

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Categories: Security News

CVE-2018-5791

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Categories: Security News

CVE-2018-5792

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Categories: Security News

CVE-2018-5793

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Categories: Security News

CVE-2018-5794

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet.
Categories: Security News

CVE-2018-5795

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller.
Categories: Security News

CVE-2018-5796

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.
Categories: Security News

CVE-2018-5797

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.
Categories: Security News
