Security News

CVE-2018-10207

National Vulnerability Database - Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.
Categories: Security News

CVE-2018-10208

National Vulnerability Database - Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI.

CVE-2018-10209

National Vulnerability Database - Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name.

CVE-2018-10210

National Vulnerability Database - Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.

CVE-2018-10211

National Vulnerability Database - Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.

CVE-2018-10212

National Vulnerability Database - Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.

CVE-2018-10213

National Vulnerability Database - Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it.

CVE-2014-5014

National Vulnerability Database - Wed, 04/25/2018 - 13:29
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.

CVE-2017-12712

National Vulnerability Database - Wed, 04/25/2018 - 09:29
The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

CVE-2017-12714

National Vulnerability Database - Wed, 04/25/2018 - 09:29
Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

CVE-2017-12716

National Vulnerability Database - Wed, 04/25/2018 - 09:29
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

CVE-2017-1750

National Vulnerability Database - Wed, 04/25/2018 - 09:29
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.

CVE-2017-7652

National Vulnerability Database - Wed, 04/25/2018 - 09:29
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is running with a configuration file, then sending a HUP signal to the server triggers the configuration to be reloaded from disk. If there are so many clients connected that no more file descriptors/sockets are available (the default limit is typically 1024 file descriptors on Linux), then opening the configuration file will fail.

CVE-2018-1363

National Vulnerability Database - Wed, 04/25/2018 - 09:29
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448.

CVE-2018-1112

National Vulnerability Database - Wed, 04/25/2018 - 08:29
glusterfs server before versions 3.10.12 and 4.0.2 is vulnerable when using the 'auth.allow' option, which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.

CVE-2018-10310

National Vulnerability Database - Wed, 04/25/2018 - 05:29
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.

CVE-2018-10366

National Vulnerability Database - Wed, 04/25/2018 - 05:29
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.

CVE-2018-10367

National Vulnerability Database - Wed, 04/25/2018 - 05:29
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.

CVE-2018-10368

National Vulnerability Database - Wed, 04/25/2018 - 05:29
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.

CVE-2018-10372

National Vulnerability Database - Wed, 04/25/2018 - 05:29
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.