News aggregator

CVE-2018-7205

National Vulnerability Database - Tue, 02/20/2018 - 10:29
** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout.
Categories: Security News

CVE-2015-2081

National Vulnerability Database - Tue, 02/20/2018 - 01:29
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.

CVE-2015-9254

National Vulnerability Database - Tue, 02/20/2018 - 01:29
Datto ALTO and SIRIS devices have a default VNC password.

CVE-2015-9255

National Vulnerability Database - Tue, 02/20/2018 - 01:29
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.

CVE-2015-9256

National Vulnerability Database - Tue, 02/20/2018 - 01:29
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.

CVE-2017-16835

National Vulnerability Database - Tue, 02/20/2018 - 01:29
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.
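
The manifest flag in the entry above, as an added example (not code from the application or from the NVD entry): a small Python check that parses an AndroidManifest.xml and reports whether `adb backup` can pull the app's private data. The three manifest fragments are constructed for illustration. Android's documented default for `android:allowBackup` is true, so the check treats a missing attribute the same as an explicit "true".

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = f"{{{ANDROID_NS}}}allowBackup"   # ElementTree's Clark notation


def backup_allowed(manifest_xml: str) -> bool:
    """Return True if `adb backup` may extract this app's private data."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    value = app.get(ALLOW_BACKUP)
    # Absent attribute: Android defaults allowBackup to true, so this is
    # as exposed as writing android:allowBackup="true" explicitly.
    if value is None:
        return True
    return value.strip().lower() == "true"


def audit_manifest(manifest_xml: str) -> str:
    """One-line verdict suitable for a build-time lint step."""
    if backup_allowed(manifest_xml):
        return "FAIL: allowBackup is true or unset; adb backup can pull app data"
    return "OK: allowBackup=false"


# Constructed manifests for illustration; not the real application's manifest.
VULNERABLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.locker">
  <application android:label="Locker" android:allowBackup="true"/>
</manifest>"""

IMPLICIT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.locker">
  <application android:label="Locker"/>
</manifest>"""

HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.locker">
  <application android:label="Locker" android:allowBackup="false"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("explicit true", VULNERABLE_MANIFEST),
                       ("attribute absent", IMPLICIT_MANIFEST),
                       ("explicit false", HARDENED_MANIFEST)):
        print(f"{label:17} -> {audit_manifest(xml)}")
```

The check only answers the backup question; an app that stores secrets in cleartext is still exposed to a rooted device or a copied `/data` partition, so `allowBackup="false"` narrows the extraction path rather than replacing encryption at rest.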

CVE-2017-18192

National Vulnerability Database - Tue, 02/20/2018 - 01:29
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.

Bugtraq: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 20:20
Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)

Bugtraq: Kentico CMS version 9 through 11 - Arbitrary Code Execution

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 20:20
Kentico CMS version 9 through 11 - Arbitrary Code Execution

Bugtraq: [SECURITY] [DSA 4118-1] tomcat-native security update

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 20:20
[SECURITY] [DSA 4118-1] tomcat-native security update

Bugtraq: [SECURITY] [DSA 4117-1] gcc-4.9 security update

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 20:20
[SECURITY] [DSA 4117-1] gcc-4.9 security update

CVE-2018-7259

National Vulnerability Database - Mon, 02/19/2018 - 19:29
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.

CVE-2018-7253

National Vulnerability Database - Mon, 02/19/2018 - 18:29
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.

CVE-2018-7254

National Vulnerability Database - Mon, 02/19/2018 - 18:29
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

CVE-2018-7251

National Vulnerability Database - Mon, 02/19/2018 - 17:29
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.

CVE-2016-10007

National Vulnerability Database - Mon, 02/19/2018 - 16:29
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.

CVE-2016-10008

National Vulnerability Database - Mon, 02/19/2018 - 16:29
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
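
Both dotCMS entries above are injections through a sort parameter (`_EXT_FORM_HANDLER_orderBy`, `_EXT_STRUCTURE_direction`). That position is a recurring one because an ORDER BY column or direction cannot be supplied as a bound parameter, so developers concatenate it. The Python below is an added example, not dotCMS code: it runs a boolean-based blind extraction through a sort expression against an in-memory SQLite table, then shows the allowlist pattern that closes it. The table and rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data standing in for the CMS's own table; not dotCMS code.
ROWS = [
    ("3", "alpha", "s3cret"),
    ("1", "charlie", "hunter2"),
    ("2", "bravo", "letmein"),
]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE structure (inode TEXT, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO structure VALUES (?, ?, ?)", ROWS)
    return conn


def list_names_vulnerable(conn: sqlite3.Connection, order_by: str) -> list:
    # The sort expression goes straight into the statement text.
    sql = f"SELECT name FROM structure ORDER BY {order_by}"
    return [row[0] for row in conn.execute(sql)]


def probe_secret_prefix(conn: sqlite3.Connection, prefix: str) -> bool:
    """Attacker view: sort by `name` if alpha's secret starts with `prefix`,
    otherwise by `inode`. The row order in the response answers the question,
    so the secret can be recovered one character at a time."""
    payload = (
        "(CASE WHEN (SELECT secret FROM structure WHERE name = 'alpha') "
        f"LIKE '{prefix}%' THEN name ELSE inode END)"
    )
    return list_names_vulnerable(conn, payload) == sorted(r[1] for r in ROWS)


# Hardened form: only identifiers from a fixed allowlist ever reach the SQL.
ALLOWED_COLUMNS = {"inode", "name"}
ALLOWED_DIRECTIONS = {"asc", "desc"}


def list_names_hardened(conn: sqlite3.Connection, column: str, direction: str = "asc") -> list:
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    if direction.lower() not in ALLOWED_DIRECTIONS:
        raise ValueError(f"unsupported sort direction: {direction!r}")
    sql = f"SELECT name FROM structure ORDER BY {column} {direction.upper()}"
    return [row[0] for row in conn.execute(sql)]


def hardened_rejects(conn: sqlite3.Connection, column: str, direction: str = "asc") -> bool:
    try:
        list_names_hardened(conn, column, direction)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = build_db()
    # Recover the first character of alpha's secret via the vulnerable sort.
    found = next(c for c in "abcdefghijklmnopqrstuvwxyz0123456789"
                 if probe_secret_prefix(db, c))
    print("leaked first character:", found)
    print("hardened rejects payload:", hardened_rejects(db, "name, (SELECT 1)"))
```

The allowlist compares the request value against a closed set of identifiers the code itself chose; it never escapes or quotes attacker input, because escaping is the wrong tool for an identifier position. Note the "authenticated administrators" qualifier in the advisory does not make this harmless: an admin session stolen by XSS, or a stored sort preference, reaches the same statement.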

CVE-2018-5763

National Vulnerability Database - Mon, 02/19/2018 - 16:29
An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker can bring the shop server to a standstill (denial of service). This applies only when the OXID High Performance Option is activated and Varnish is used.

CVE-2010-0109

National Vulnerability Database - Mon, 02/19/2018 - 14:29
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.

CVE-2011-3477

National Vulnerability Database - Mon, 02/19/2018 - 14:29
GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.
