Security News

CVE-2018-10255

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
Categories: Security News

CVE-2018-10256

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.

CVE-2018-10257

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

CVE-2018-10258

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

CVE-2018-10259

National Vulnerability Database - Tue, 05/01/2018 - 15:29
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

CVE-2018-10260

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

CVE-2013-0159

National Vulnerability Database - Tue, 05/01/2018 - 15:29
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

CVE-2013-0185

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.

CVE-2013-2049

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.

CVE-2013-4201

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.

CVE-2013-4209

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.

CVE-2013-4035

National Vulnerability Database - Tue, 05/01/2018 - 14:29
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.

CVE-2013-4040

National Vulnerability Database - Tue, 05/01/2018 - 14:29
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176.

CVE-2017-14012

National Vulnerability Database - Tue, 05/01/2018 - 14:29
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

CVE-2017-14014

National Vulnerability Database - Tue, 05/01/2018 - 14:29
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

CVE-2017-5535

National Vulnerability Database - Tue, 05/01/2018 - 14:29
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.

CVE-2017-5536

National Vulnerability Database - Tue, 05/01/2018 - 14:29
The GridServer Broker and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.

CVE-2018-6589

National Vulnerability Database - Tue, 05/01/2018 - 14:29
CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors.

CVE-2018-9232

National Vulnerability Database - Tue, 05/01/2018 - 14:29
Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update.

CVE-2018-9336

National Vulnerability Database - Tue, 05/01/2018 - 14:29
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.