Security News

CVE-2018-10294

National Vulnerability Database - Wed, 05/02/2018 - 17:29
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.
Categories: Security News

CVE-2018-10563

National Vulnerability Database - Wed, 05/02/2018 - 17:29
An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7).

CVE-2018-10564

National Vulnerability Database - Wed, 05/02/2018 - 17:29
XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.

CVE-2018-10565

National Vulnerability Database - Wed, 05/02/2018 - 17:29
XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7.

CVE-2018-10566

National Vulnerability Database - Wed, 05/02/2018 - 17:29
XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7.

CVE-2018-10567

National Vulnerability Database - Wed, 05/02/2018 - 17:29
XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7.

CVE-2018-10568

National Vulnerability Database - Wed, 05/02/2018 - 17:29
XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7.

CVE-2018-10577

National Vulnerability Database - Wed, 05/02/2018 - 17:29
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.

CVE-2018-10677

National Vulnerability Database - Wed, 05/02/2018 - 15:29
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.

CVE-2018-10680

National Vulnerability Database - Wed, 05/02/2018 - 15:29
** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug."

CVE-2018-1104

National Vulnerability Database - Wed, 05/02/2018 - 15:29
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.

CVE-2018-8115

National Vulnerability Database - Wed, 05/02/2018 - 15:29
A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.

CVE-2018-10675

National Vulnerability Database - Wed, 05/02/2018 - 14:29
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

CVE-2018-10676

National Vulnerability Database - Wed, 05/02/2018 - 14:29
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI.

CVE-2018-1101

National Vulnerability Database - Wed, 05/02/2018 - 14:29
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.

CVE-2018-10665

National Vulnerability Database - Wed, 05/02/2018 - 13:29
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.

CVE-2018-10657

National Vulnerability Database - Wed, 05/02/2018 - 12:29
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.

CVE-2018-9302

National Vulnerability Database - Wed, 05/02/2018 - 11:29
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4.

CVE-2013-6272

National Vulnerability Database - Wed, 05/02/2018 - 11:29
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.

CVE-2017-4952

National Vulnerability Database - Wed, 05/02/2018 - 10:29
VMware Xenon 1.x prior to 1.5.7, 1.5.4, 1.3.7, and 1.1.0 contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.