News aggregator

CVE-2018-12273

National Vulnerability Database - Wed, 06/13/2018 - 09:29
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.
Categories: Security News

CVE-2018-5432

National Vulnerability Database - Wed, 06/13/2018 - 09:29
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.
Categories: Security News

CVE-2018-5433

National Vulnerability Database - Wed, 06/13/2018 - 09:29
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.
Categories: Security News

CVE-2018-5434

National Vulnerability Database - Wed, 06/13/2018 - 09:29
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.
Categories: Security News
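The two TIBCO XXE entries above (CVE-2018-5433 and CVE-2018-5434) describe the same mechanism: an uploaded XML artifact declares an external entity whose SYSTEM URI points at a host file, and a parser that resolves external general entities copies that file into the parsed content. The following is an added example, not TIBCO's code and not the advisory's proof of concept; it builds a constructed payload against a throwaway secret file and shows the two controls a practitioner wants: rejecting any DOCTYPE before parsing, and keeping external general entity resolution switched off in Python's SAX/expat parser (the file name, element names and the SECRET-TOKEN content are all constructed for the demo).

```python
"""Added example (not TIBCO's code): an XXE payload that pulls a local file
into parsed character data, and the parser setting plus pre-parse check
that stop it."""
import io
import os
import pathlib
import re
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Any DOCTYPE is a red flag in untrusted XML: entity declarations live there.
_DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


def has_doctype(xml_bytes):
    """Cheap pre-parse rejection: untrusted documents never need a DTD."""
    return _DOCTYPE_RE.search(xml_bytes) is not None


class TextCollector(ContentHandler):
    """Collect character data so we can see what the parser resolved."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_text(xml_bytes, resolve_external_entities=False):
    """Parse with SAX/expat and return the concatenated character data.

    feature_external_ges=False (the secure setting) makes the parser skip
    external general entities instead of fetching their SYSTEM URI.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.chunks)


def xxe_demo():
    """Run a constructed XXE payload against a throwaway secret file.

    Returns (text with resolution enabled, text with resolution disabled).
    """
    fd, secret_path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write("SECRET-TOKEN")  # constructed stand-in for host data
    try:
        secret_uri = pathlib.Path(secret_path).as_uri()
        # Constructed payload: the entity's SYSTEM URI names the secret file.
        payload = (
            '<?xml version="1.0"?>\n'
            '<!DOCTYPE artifact [\n'
            '  <!ENTITY xxe SYSTEM "%s">\n'
            ']>\n'
            '<artifact><name>&xxe;</name></artifact>\n' % secret_uri
        ).encode()
        leaked = parse_text(payload, resolve_external_entities=True)
        blocked = parse_text(payload, resolve_external_entities=False)
    finally:
        os.unlink(secret_path)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = xxe_demo()
    print("resolution enabled :", repr(leaked))
    print("resolution disabled:", repr(blocked))
```

The DOCTYPE check belongs at the upload boundary, before the artifact reaches any parser; the `feature_external_ges` setting is the control inside the parser, and both are worth having because parsing libraries differ in their defaults.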

CVE-2018-12263

National Vulnerability Database - Wed, 06/13/2018 - 07:29
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
Categories: Security News

CVE-2018-12264

National Vulnerability Database - Wed, 06/13/2018 - 07:29
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
Categories: Security News

CVE-2018-12265

National Vulnerability Database - Wed, 06/13/2018 - 07:29
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
Categories: Security News

CVE-2018-12266

National Vulnerability Database - Wed, 06/13/2018 - 07:29
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.
Categories: Security News

CVE-2018-12268

National Vulnerability Database - Wed, 06/13/2018 - 07:29
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.
Categories: Security News
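The acccheck entry above describes a classic pattern: a credential read from a word list is spliced into a command string that a shell then parses, so `;`, `|` or `$(...)` in the list run extra commands. The following is an added example, not acccheck's own code; it shows that failure mode next to the fix (passing the credential as a single argv element so no shell is involved) plus a defence-in-depth check on the word list. smbclient is replaced by a Python one-liner that prints its first argument, and the user list is constructed for the demo.

```python
"""Added example (not acccheck's code): shell-interpolated credential beside
the argv-list form that closes the injection, with a metacharacter check
for word lists whose entries end up on a command line."""
import subprocess
import sys

# Stand-in for the smbclient binary: a command that echoes argv[1].
ECHO_ARG = "import sys; print(sys.argv[1])"

# Constructed sample user list; the second entry carries shell metacharacters.
USER_LIST = "administrator\nguest; echo INJECTED\nbackup\n"

# Characters a POSIX shell gives special meaning to outside of quotes.
SHELL_META = frozenset(";|&$`<>()[]{}*?\\\"'\n\t #~")


def run_vulnerable(username):
    """Interpolate the credential into a string that /bin/sh will parse.

    This mirrors the advisory's failure mode (acccheck's actual code is not
    reproduced here): ';' ends our command and the rest runs as a new one.
    """
    cmd = "%s -c '%s' %s" % (sys.executable, ECHO_ARG, username)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_fixed(username):
    """Hand the credential to the child as one argv element; no shell runs."""
    argv = [sys.executable, "-c", ECHO_ARG, username]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def has_shell_metachars(value):
    """Defence in depth for tools whose output ends up on a command line."""
    return any(ch in SHELL_META for ch in value)


def load_credentials(text):
    """Split a word list into (accepted, rejected) entries."""
    accepted, rejected = [], []
    for line in text.splitlines():
        line = line.rstrip("\r")
        if not line:
            continue
        (rejected if has_shell_metachars(line) else accepted).append(line)
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = load_credentials(USER_LIST)
    print("rejected entries:", rejected)
    for user in accepted + rejected:
        print("shell string :", repr(run_vulnerable(user)))
        print("argv list    :", repr(run_fixed(user)))
```

The argv-list form is the real fix; in Perl the equivalent is the list form of `system()` or `exec()`, which bypasses the shell entirely. The metacharacter check is a secondary control: it will reject legitimate passwords that happen to contain such characters, so it is a policy for the word list, not a substitute for avoiding the shell.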

Bugtraq: [SECURITY] [DSA 4227-1] plexus-archiver security update

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 04:20
[SECURITY] [DSA 4227-1] plexus-archiver security update
Categories: Security News

Bugtraq: DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 04:20
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities
Categories: Security News

Bugtraq: DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi)

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 04:20
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi)
Categories: Security News

Bugtraq: [SECURITY] [DSA 4226-1] perl security update

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 04:20
[SECURITY] [DSA 4226-1] perl security update
Categories: Security News

Vuln: SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 00:00
SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
Categories: Security News

Draft of Microsoft Security Servicing Commitments for Windows

Security Research & Defense - Tue, 06/12/2018 - 18:02

Microsoft’s commitment to protecting customers from vulnerabilities in our products, services, and devices includes providing security updates that address these vulnerabilities when they are discovered. We understand that researchers have wanted better clarity around the security features, boundaries and mitigations which exist in Windows and the servicing commitments which come with them. We have drafted a document which better describes the criteria Microsoft Security Response Center (MSRC) uses when determining whether a reported vulnerability will be addressed through servicing, or in the next version of a product. We are sharing the draft copy with the research community and would like feedback before we make the final copy available online. We are primarily interested in feedback around our servicing policies and whether our criteria make sense to you, the researcher.

Microsoft Security Servicing Commitments.pdf

Please send feedback to switech@microsoft.com, thank you!


Categories: Security News

CVE-2018-5849

National Vulnerability Database - Tue, 06/12/2018 - 16:29
Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.
Categories: Security News

CVE-2018-5851

National Vulnerability Database - Tue, 06/12/2018 - 16:29
Buffer overflow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-15842

National Vulnerability Database - Tue, 06/12/2018 - 16:29
A buffer might be used after it is freed, because the mutex is unlocked before the buffer is freed, in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-15843

National Vulnerability Database - Tue, 06/12/2018 - 16:29
Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-15854

National Vulnerability Database - Tue, 06/12/2018 - 16:29
The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News
