Security News

Vuln: Oracle October 2018 Critical Patch Update Multiple Vulnerabilities

SecurityFocus Vulnerabilities - Fri, 10/12/2018 - 00:00
Oracle October 2018 Critical Patch Update Multiple Vulnerabilities
Categories: Security News

CVE-2018-17927

National Vulnerability Database - Thu, 10/11/2018 - 18:29
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution.

CVE-2018-17929

National Vulnerability Database - Thu, 10/11/2018 - 18:29
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code.

CVE-2018-12441

National Vulnerability Database - Thu, 10/11/2018 - 17:29
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service.

CVE-2018-18257

National Vulnerability Database - Thu, 10/11/2018 - 17:01
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.

CVE-2018-18258

National Vulnerability Database - Thu, 10/11/2018 - 17:01
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.

CVE-2018-15766

National Vulnerability Database - Thu, 10/11/2018 - 15:29
On install, Dell Encryption versions prior to 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior to 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows users to bypass any existing policy for password length and potentially create insecure passwords on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified.

CVE-2018-18215

National Vulnerability Database - Thu, 10/11/2018 - 11:29
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account.

CVE-2018-9206

National Vulnerability Database - Thu, 10/11/2018 - 11:29
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

CVE-2018-18242

National Vulnerability Database - Thu, 10/11/2018 - 10:29
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86.

CVE-2018-12449

National Vulnerability Database - Thu, 10/11/2018 - 09:29
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.

CVE-2018-1706

National Vulnerability Database - Thu, 10/11/2018 - 08:29
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341.

CVE-2018-1708

National Vulnerability Database - Thu, 10/11/2018 - 08:29
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.

CVE-2018-1724

National Vulnerability Database - Thu, 10/11/2018 - 08:29
IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user to obtain highly sensitive information or escalate their privileges to root due to improper file permission settings. IBM X-Force ID: 147439.

CVE-2018-1738

National Vulnerability Database - Thu, 10/11/2018 - 08:29
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.

CVE-2018-1745

National Vulnerability Database - Thu, 10/11/2018 - 08:29
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424.

CVE-2018-18240

National Vulnerability Database - Thu, 10/11/2018 - 03:29
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.

Vuln: OpenSSL CVE-2014-3470 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Thu, 10/11/2018 - 00:00
OpenSSL CVE-2014-3470 Denial of Service Vulnerability

Vuln: IBM Global Security Toolkit CVE-2018-1431 Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Thu, 10/11/2018 - 00:00
IBM Global Security Toolkit CVE-2018-1431 Local Privilege Escalation Vulnerability

Vuln: OpenSSL CVE-2016-0705 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Thu, 10/11/2018 - 00:00
OpenSSL CVE-2016-0705 Denial of Service Vulnerability
