Security News

CVE-2018-3835

National Vulnerability Database - Mon, 01/29/2018 - 15:29
An exploitable out-of-bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in is not verified to be valid, and its use can lead to a buffer overflow, potentially resulting in code execution.
Categories: Security News

CVE-2018-6393

National Vulnerability Database - Mon, 01/29/2018 - 15:29
FreePBX 10.13.66-32bit allows post-authentication SQL injection via the order parameter.

CVE-2017-9513

National Vulnerability Database - Mon, 01/29/2018 - 14:29
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page and receive notifications when comments are added to the watched page, and vote on and watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.

CVE-2018-6390

National Vulnerability Database - Mon, 01/29/2018 - 14:29
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.

CVE-2018-6391

National Vulnerability Database - Mon, 01/29/2018 - 14:29
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.

CVE-2018-6392

National Vulnerability Database - Mon, 01/29/2018 - 14:29
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.

CVE-2017-15133

National Vulnerability Database - Mon, 01/29/2018 - 14:29
A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.

CVE-2017-7516

National Vulnerability Database - Mon, 01/29/2018 - 14:29
It was found that the cpio --no-absolute-filenames option since version 2.7 did not verify paths during extraction. A specially crafted cpio archive could bypass this option and write to an arbitrary location, outside of the extraction directory.

CVE-2018-6383

National Vulnerability Database - Mon, 01/29/2018 - 13:29
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated admins to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.

CVE-2018-6387

National Vulnerability Database - Mon, 01/29/2018 - 13:29
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.

CVE-2018-6388

National Vulnerability Database - Mon, 01/29/2018 - 13:29
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.

CVE-2017-1000353

National Vulnerability Database - Mon, 01/29/2018 - 12:29
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.

CVE-2017-1000354

National Vulnerability Database - Mon, 01/29/2018 - 12:29
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

CVE-2017-1000355

National Vulnerability Database - Mon, 01/29/2018 - 12:29
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

CVE-2017-1000356

National Vulnerability Database - Mon, 01/29/2018 - 12:29
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.

CVE-2017-12626

National Vulnerability Database - Mon, 01/29/2018 - 12:29
Apache POI versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

CVE-2018-6381

National Vulnerability Database - Mon, 01/29/2018 - 12:29
In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.

CVE-2017-14190

National Vulnerability Database - Mon, 01/29/2018 - 11:29
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows an attacker to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests.

CVE-2017-14698

National Vulnerability Database - Mon, 01/29/2018 - 11:29
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.

CVE-2017-14699

National Vulnerability Database - Mon, 01/29/2018 - 11:29
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.