News aggregator

CVE-2018-4044

National Vulnerability Database - Thu, 01/10/2019 - 10:29
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
Categories: Security News

CVE-2018-4045

National Vulnerability Database - Thu, 01/10/2019 - 10:29
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.

CVE-2018-4046

National Vulnerability Database - Thu, 01/10/2019 - 10:29
An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access can use this vulnerability to terminate the privileged helper application.

CVE-2018-4047

National Vulnerability Database - Thu, 01/10/2019 - 10:29
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.

CVE-2019-5886

National Vulnerability Database - Thu, 01/10/2019 - 09:29
An issue was discovered in ShopXO 1.2.0. The Add method in application\install\controller\Index.php does not check for the install lock file, so an attacker can re-run the installer and reinitialise the database. During that reinstallation the attacker can write arbitrary code into database.php.
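The two defences a practitioner would want for the installer described above are a lock that is checked atomically and a generated configuration that is written as data rather than as code. The block below is an added example in Python, not ShopXO code; the lock file name, the JSON config format and the function names are assumptions.

```python
"""Installer hardening: refuse to run again once an install lock exists, and
emit the generated configuration as data rather than as code.

Added example, not ShopXO code; the lock file name, the JSON config format
and the function names are assumptions."""
import json
import os
import tempfile


class InstallLocked(Exception):
    """Raised when the installer is invoked after installation has completed."""


def run_install(install_dir: str, db_settings: dict) -> str:
    """Write the database configuration once and return its path.

    The lock is created with O_CREAT|O_EXCL, so the existence check and the
    creation are one atomic step: two concurrent installer requests cannot
    both pass an exists()-then-create test.
    """
    lock_path = os.path.join(install_dir, "install.lock")
    config_path = os.path.join(install_dir, "database.json")
    try:
        fd = os.open(lock_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        raise InstallLocked(f"already installed; remove {lock_path} to reinstall") from None
    os.close(fd)
    try:
        # JSON stores every value as a string or number: a hostile password
        # such as '"; system($_GET["c"]); //' stays data instead of becoming
        # PHP source in a file the application later include()s.
        with open(config_path, "w", encoding="utf-8") as fh:
            json.dump(db_settings, fh)
    except OSError:
        os.unlink(lock_path)  # do not leave a lock behind for a failed install
        raise
    return config_path


def demo() -> tuple:
    """Run the installer twice in a scratch directory with a hostile value.

    Returns (stored settings, whether the second run was refused)."""
    scratch = tempfile.mkdtemp()
    hostile = {"host": "db.internal", "password": '"; system($_GET["c"]); //'}  # constructed input
    with open(run_install(scratch, hostile), encoding="utf-8") as fh:
        stored = json.load(fh)
    try:
        run_install(scratch, hostile)
        refused = False
    except InstallLocked:
        refused = True
    return stored, refused


if __name__ == "__main__":
    print(demo())
```

A plain `file_exists()` check fixes the reinstall bug in the single-request case; the O_EXCL create also closes the window in which two requests race past the same check.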

CVE-2019-5887

National Vulnerability Database - Thu, 01/10/2019 - 09:29
An issue was discovered in ShopXO 1.2.0. The UnlinkDir method in FileUtil.php does not validate its input parameters before passing them to rmdir, so attackers can delete arbitrary files by using "../" directory traversal.
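The check missing from the deletion routine above is a containment test on the resolved path, not on its spelling. The block below is an added example in Python, not ShopXO code; the function names and the directory layout used in `demo()` are assumptions. It also rejects absolute paths, the base directory itself and symlink escapes, which the advisory does not mention but the same check covers.

```python
"""Recursive directory deletion confined to a base directory.

Added example, not ShopXO code; function names and the layout used in
demo() are assumptions."""
import os
import shutil
import tempfile


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the absolute path user_path names under base_dir, or raise
    ValueError if it is absolute, escapes base_dir via '..' or a symlink,
    or names base_dir itself."""
    if os.path.isabs(user_path):
        raise ValueError(f"absolute path not allowed: {user_path!r}")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks, so the check
    # below is made on where the path really lands, not on its spelling.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return candidate


def unlink_dir(base_dir: str, user_path: str) -> None:
    """Delete a directory tree under base_dir. The vulnerable pattern is
    rmdir(base_dir + user_path) with no containment check at all."""
    shutil.rmtree(resolve_inside(base_dir, user_path))


def demo() -> tuple:
    """Returns (legitimate delete worked, sibling directory survived,
    every traversal attempt was rejected)."""
    root = tempfile.mkdtemp()  # constructed scratch layout
    base = os.path.join(root, "public")
    victim = os.path.join(root, "outside")
    os.makedirs(os.path.join(base, "uploads", "tmp"))
    os.makedirs(victim)
    unlink_dir(base, "uploads/tmp")
    rejected = []
    for bad in ("../outside", "uploads/../../outside", victim, ".", ""):
        try:
            unlink_dir(base, bad)
            rejected.append(False)
        except ValueError:
            rejected.append(True)
    return (not os.path.exists(os.path.join(base, "uploads", "tmp")),
            os.path.isdir(victim), all(rejected))


if __name__ == "__main__":
    print(demo())
```

Stripping "../" from the input is not a substitute: "....//" survives a single-pass strip, and a symlink inside the base directory escapes without any dots at all.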

CVE-2019-5884

National Vulnerability Database - Thu, 01/10/2019 - 03:29
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.

Vuln: OpenSSH CVE-2018-20685 Access Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 01/10/2019 - 00:00

Vuln: Symantec Reporter CLI CVE-2018-12237 OS Command Injection Vulnerability

SecurityFocus Vulnerabilities - Thu, 01/10/2019 - 00:00

CVE-2018-20683

National Vulnerability Database - Wed, 01/09/2019 - 20:29
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line: attackers can pass rsync options other than -v, -n, -q, or -P, with an impact the advisory describes only as "bad".
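A forced-command wrapper that exposes rsync has to allowlist the options it passes through, because options such as -e and --rsync-path make rsync execute an arbitrary program on the server. The block below is an added example in Python, not Gitolite code: it applies the advisory's rule (only -v, -n, -q and -P) to a whole command line. The function names are assumptions, and rsync's own server-mode handshake arguments, which a real handler must recognise separately, are ignored here.

```python
"""Allowlisting operator-supplied rsync options.

Added example, not Gitolite code. Function names are assumptions; rsync's
server-mode handshake arguments are not modelled."""
import shlex

ALLOWED_OPTIONS = frozenset({"-v", "-n", "-q", "-P"})


def check_rsync_command(cmdline: str) -> list:
    """Split cmdline like a shell and return argv if every option-looking
    argument is in ALLOWED_OPTIONS; raise ValueError otherwise.

    Every argument beginning with '-' counts as an option, including '--',
    bundled flags such as '-vn' and option=value forms. That strictness is
    the point: -e and --rsync-path run an arbitrary program on the server,
    so nothing that is not an exact allowlisted token may pass."""
    argv = shlex.split(cmdline)  # raises ValueError on unbalanced quotes
    if not argv or argv[0] != "rsync":
        raise ValueError("not an rsync command")
    for arg in argv[1:]:
        if arg.startswith("-") and arg not in ALLOWED_OPTIONS:
            raise ValueError(f"rsync option not permitted: {arg!r}")
    return argv


def is_permitted(cmdline: str) -> bool:
    """Boolean form of check_rsync_command for callers that only gate."""
    try:
        check_rsync_command(cmdline)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for line in ("rsync -v -n src/ dest/", "rsync -e 'sh -c id' src/ dest/"):
        print(f"{line!r}: {'allowed' if is_permitted(line) else 'rejected'}")
```

Note that a denylist of known-dangerous options would be the wrong shape here: rsync gains options over time, and the handler would have to track every one that can spawn a process or write outside the intended tree.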

CVE-2018-0181

National Vulnerability Database - Wed, 01/09/2019 - 19:29
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server: an attacker who can reach it can modify key-value pairs stored in its database without credentials. A successful exploit could reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.

CVE-2018-0282

National Vulnerability Database - Wed, 01/09/2019 - 19:29
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While it potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software, causing the device to reload and resulting in a denial of service (DoS) condition.

CVE-2018-16203

National Vulnerability Database - Wed, 01/09/2019 - 18:29
PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors.

CVE-2018-16204

National Vulnerability Database - Wed, 01/09/2019 - 18:29
Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-16205

National Vulnerability Database - Wed, 01/09/2019 - 18:29
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal.

CVE-2018-20681

National Vulnerability Database - Wed, 01/09/2019 - 18:29
mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse.

CVE-2018-20682

National Vulnerability Database - Wed, 01/09/2019 - 18:29
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).

CVE-2019-3498

National Vulnerability Database - Wed, 01/09/2019 - 18:29
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
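The distinction worth seeing here is between script injection, which HTML escaping already prevents, and content spoofing, where an HTML-escaped but otherwise verbatim path reads as a sentence the site wrote. The block below is an added example in Python, not Django's code; the template string and function names are assumptions, and percent-encoding the path is one mitigation, shown because it is the simplest.

```python
"""Showing a request path on an error page without letting it read as text
the site wrote.

Added example, not Django's code; template string and function names are
assumptions."""
import html
from urllib.parse import quote

TEMPLATE = ("<h1>Not Found</h1>"
            "<p>The requested URL {path} was not found on this server.</p>")

# Constructed attacker URL: harmless as HTML, persuasive as prose.
SPOOF_PATH = "/Your account is suspended. Call 555-0100 now to restore access./"


def render_404_escaped_only(request_path: str) -> str:
    """HTML-escaping alone stops script injection but leaves the path fully
    readable, so a crafted URL becomes a sentence that looks site-authored."""
    return TEMPLATE.format(path=html.escape(request_path))


def render_404(request_path: str) -> str:
    """Percent-encode first, then HTML-escape for the HTML context. Spaces,
    quotes and most punctuation become %XX sequences, so the path reads as a
    URL rather than as prose; '/' is left as-is so the path stays recognisable."""
    return TEMPLATE.format(path=html.escape(quote(request_path)))


def contains_spoof_text(page: str) -> bool:
    """True if the constructed call-to-action survives into the page body."""
    return "Call 555-0100 now" in page


if __name__ == "__main__":
    print(render_404_escaped_only(SPOOF_PATH))
    print(render_404(SPOOF_PATH))
```

The order matters: quoting after HTML escaping would percent-encode the entities themselves, while escaping after quoting leaves the (already ASCII-safe) %XX sequences alone and still neutralises anything the encoder passes through.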

CVE-2019-5882

National Vulnerability Database - Wed, 01/09/2019 - 18:29
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.

CVE-2018-16184

National Vulnerability Database - Wed, 01/09/2019 - 18:29
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.
