Security News

CVE-2018-5701

National Vulnerability Database - Wed, 01/31/2018 - 13:29
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.
Categories: Security News

CVE-2018-5996

National Vulnerability Database - Wed, 01/31/2018 - 13:29
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, which allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

CVE-2018-6462

National Vulnerability Database - Wed, 01/31/2018 - 13:29
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.

CVE-2018-6464

National Vulnerability Database - Wed, 01/31/2018 - 13:29
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.

CVE-2018-6465

National Vulnerability Database - Wed, 01/31/2018 - 13:29
The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

CVE-2018-6460

National Vulnerability Database - Wed, 01/31/2018 - 12:29
Hotspot Shield runs a web server on the static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information, including configuration. User-controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, which VPN they are connected to, and what their real IP address is.

CVE-2017-8916

National Vulnerability Database - Wed, 01/31/2018 - 11:29
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.

CVE-2018-6384

National Vulnerability Database - Wed, 01/31/2018 - 11:29
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.

CVE-2017-1233

National Vulnerability Database - Wed, 01/31/2018 - 10:29
IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.

CVE-2017-1773

National Vulnerability Database - Wed, 01/31/2018 - 10:29
IBM DataPower Gateways 7.1, 7.2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.

CVE-2017-1000411

National Vulnerability Database - Wed, 01/31/2018 - 09:29
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE, which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the OpenFlow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from the network (and thus also from the controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate from either NORTH or SOUTH. The above description is for a northbound attack. A southbound attack can originate when an attacker attempts a flow flooding attack; since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in a CONTROLLER overflow attack (resource consumption). Although the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout.

CVE-2017-15698

National Vulnerability Database - Wed, 01/31/2018 - 09:29
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.

CVE-2017-15706

National Vulnerability Database - Wed, 01/31/2018 - 09:29
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.

CVE-2017-16858

National Vulnerability Database - Wed, 01/31/2018 - 09:29
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1.

CVE-2018-1000001

National Vulnerability Database - Wed, 01/31/2018 - 09:29
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

Bugtraq: SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433

SecurityFocus Vulnerabilities - Wed, 01/31/2018 - 03:20

Bugtraq: [SECURITY] [DSA 4094-2] smarty3 security update

SecurityFocus Vulnerabilities - Wed, 01/31/2018 - 03:20

Bugtraq: Defense in depth -- the Microsoft way (part 49): fun with application manifests

SecurityFocus Vulnerabilities - Wed, 01/31/2018 - 03:20

CVE-2018-6412

National Vulnerability Database - Wed, 01/31/2018 - 02:29
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.

Vuln: Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 01/31/2018 - 00:00
