National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 1 hour 38 min ago

CVE-2016-10529

Thu, 05/31/2018 - 16:29
Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.
Categories: Security News

CVE-2016-10530

Thu, 05/31/2018 - 16:29
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.
Categories: Security News

CVE-2018-11627

Thu, 05/31/2018 - 15:29
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Categories: Security News

CVE-2018-11132

Thu, 05/31/2018 - 14:29
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root.
Categories: Security News

CVE-2018-11133

Thu, 05/31/2018 - 14:29
The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting.
Categories: Security News

CVE-2018-11134

Thu, 05/31/2018 - 14:29
In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.
Categories: Security News

CVE-2018-11135

Thu, 05/31/2018 - 14:29
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.
Categories: Security News

CVE-2018-11136

Thu, 05/31/2018 - 14:29
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).
Categories: Security News

CVE-2018-11137

Thu, 05/31/2018 - 14:29
The 'checksum' parameter of the '/common/download_attachment.php' script in the can Quest KACE System Management Appliance 8.0.318 be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.
Categories: Security News

CVE-2018-11138

Thu, 05/31/2018 - 14:29
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
Categories: Security News

CVE-2018-11139

Thu, 05/31/2018 - 14:29
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.
Categories: Security News

CVE-2018-11140

Thu, 05/31/2018 - 14:29
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type).
Categories: Security News

CVE-2018-11141

Thu, 05/31/2018 - 14:29
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.
Categories: Security News

CVE-2018-11142

Thu, 05/31/2018 - 14:29
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization.
Categories: Security News

CVE-2018-11626

Thu, 05/31/2018 - 14:29
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function.
Categories: Security News

CVE-2018-11590

Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.
Categories: Security News

CVE-2018-11591

Thu, 05/31/2018 - 12:29
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c.
Categories: Security News

CVE-2018-11592

Thu, 05/31/2018 - 12:29
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.
Categories: Security News

CVE-2018-11593

Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
Categories: Security News

CVE-2018-11594

Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
Categories: Security News

Pages