Security News

CVE-2018-14448

National Vulnerability Database - Fri, 07/20/2018 - 09:29
Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav.
Categories: Security News

CVE-2018-14442

National Vulnerability Database - Fri, 07/20/2018 - 08:29
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.

Bugtraq: Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 05:20
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities

Bugtraq: Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 05:20
Secunia Research: LibRaw "parse_minolta()" Infinite Loop Denial of Service Vulnerability

Bugtraq: Adobe Systems - Arbitrary Code Injection Vulnerability

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 05:20
Adobe Systems - Arbitrary Code Injection Vulnerability

Bugtraq: [slackware-security] httpd (SSA:2018-199-01)

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 05:20
[slackware-security] httpd (SSA:2018-199-01)

CVE-2016-10727

National Vulnerability Database - Fri, 07/20/2018 - 00:29
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Vuln: Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 00:00
Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability

Vuln: Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 00:00
Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability

Vuln: Oracle MySQL Server Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 00:00
Oracle MySQL Server Multiple Security Vulnerabilities

Vuln: Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 00:00
Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability

Vuln: Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Fri, 07/20/2018 - 00:00
Microsoft .NET Framework CVE-2018-8356 Security Bypass Vulnerability

CVE-2018-8018

National Vulnerability Database - Thu, 07/19/2018 - 21:29
The serialization mechanism in Apache Ignite 2.5 and earlier does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when vulnerable third-party classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to the GridClientJdkMarshaller deserialization endpoint.

CVE-2018-14415

National Vulnerability Database - Thu, 07/19/2018 - 21:29
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.

CVE-2018-14418

National Vulnerability Database - Thu, 07/19/2018 - 21:29
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.

CVE-2018-14419

National Vulnerability Database - Thu, 07/19/2018 - 21:29
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.

CVE-2018-14420

National Vulnerability Database - Thu, 07/19/2018 - 21:29
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.

CVE-2018-14421

National Vulnerability Database - Thu, 07/19/2018 - 21:29
SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

CVE-2018-14422

National Vulnerability Database - Thu, 07/19/2018 - 21:29
blog/index.php in SansCMS 0.7 has XSS via the q parameter.

CVE-2017-18343

National Vulnerability Database - Thu, 07/19/2018 - 20:29
** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.