Security News

CVE-2018-19136

National Vulnerability Database - Fri, 11/09/2018 - 14:29
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
Categories: Security News

CVE-2018-19137

National Vulnerability Database - Fri, 11/09/2018 - 14:29
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.

CVE-2018-1872

National Vulnerability Database - Fri, 11/09/2018 - 11:29
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330.

CVE-2018-19127

National Vulnerability Database - Fri, 11/09/2018 - 07:29
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.

CVE-2018-19133

National Vulnerability Database - Fri, 11/09/2018 - 06:29
In Flarum Core 0.1.0-beta.7.1, a serious leak can expose everyone's email address.

CVE-2018-19121

National Vulnerability Database - Fri, 11/09/2018 - 06:29
An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.

CVE-2018-19122

National Vulnerability Database - Fri, 11/09/2018 - 06:29
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.

CVE-2018-19124

National Vulnerability Database - Fri, 11/09/2018 - 06:29
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files.

CVE-2018-19125

National Vulnerability Database - Fri, 11/09/2018 - 06:29
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.

CVE-2018-19126

National Vulnerability Database - Fri, 11/09/2018 - 06:29
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

CVE-2018-19128

National Vulnerability Database - Fri, 11/09/2018 - 06:29
In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file.

CVE-2018-19129

National Vulnerability Database - Fri, 11/09/2018 - 06:29
In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.

CVE-2018-19130

National Vulnerability Database - Fri, 11/09/2018 - 06:29
In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file.

CVE-2018-19131

National Vulnerability Database - Fri, 11/09/2018 - 06:29
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.

CVE-2018-19132

National Vulnerability Database - Fri, 11/09/2018 - 06:29
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.

Vuln: Apache Tomcat CVE-2018-8037 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Fri, 11/09/2018 - 00:00
Apache Tomcat CVE-2018-8037 Information Disclosure Vulnerability

Vuln: Apache Tomcat CVE-2017-15706 Remote Security Weakness

SecurityFocus Vulnerabilities - Fri, 11/09/2018 - 00:00
Apache Tomcat CVE-2017-15706 Remote Security Weakness

CVE-2016-9749

National Vulnerability Database - Thu, 11/08/2018 - 20:29
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.

CVE-2017-1119

National Vulnerability Database - Thu, 11/08/2018 - 20:29
IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171.

CVE-2018-1684

National Vulnerability Database - Thu, 11/08/2018 - 20:29
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.