Security News

CVE-2018-14527

National Vulnerability Database - Mon, 07/23/2018 - 04:29
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).
Categories: Security News

CVE-2018-14531

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.

CVE-2018-14532

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp.

CVE-2018-14543

National Vulnerability Database - Mon, 07/23/2018 - 04:29
There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump.

CVE-2018-14544

National Vulnerability Database - Mon, 07/23/2018 - 04:29
There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

CVE-2018-14545

National Vulnerability Database - Mon, 07/23/2018 - 04:29
There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

CVE-2018-14549

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.

CVE-2018-14551

National Vulnerability Database - Mon, 07/23/2018 - 04:29
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

Vuln: Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Mon, 07/23/2018 - 00:00
Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability

CVE-2018-14505

National Vulnerability Database - Sun, 07/22/2018 - 14:29
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.

CVE-2018-14500

National Vulnerability Database - Sun, 07/22/2018 - 13:29
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.

CVE-2018-14501

National Vulnerability Database - Sun, 07/22/2018 - 13:29
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.

CVE-2018-14492

National Vulnerability Database - Sat, 07/21/2018 - 08:29
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.

Bugtraq: Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities

SecurityFocus Vulnerabilities - Sat, 07/21/2018 - 05:20
Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities

CVE-2018-3770

National Vulnerability Database - Fri, 07/20/2018 - 18:29
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading local files.

CVE-2018-3771

National Vulnerability Database - Fri, 07/20/2018 - 18:29
An XSS in statics-server <= 0.0.9 can be used via an injected iframe in the filename when statics-server displays a directory index in the browser.

CVE-2018-5065

National Vulnerability Database - Fri, 07/20/2018 - 15:29
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5066

National Vulnerability Database - Fri, 07/20/2018 - 15:29
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-5067

National Vulnerability Database - Fri, 07/20/2018 - 15:29
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.