News aggregator

CVE-2017-2857

National Vulnerability Database - Mon, 09/17/2018 - 16:29
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.
Categories: Security News

CVE-2017-2872

National Vulnerability Database - Mon, 09/17/2018 - 16:29
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.
Categories: Security News

CVE-2018-14631

National Vulnerability Database - Mon, 09/17/2018 - 16:29
Moodle before versions 3.5.2, 3.4.5, 3.3.8 insufficiently filters the blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying search results of a blog was insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
Categories: Security News

CVE-2017-2874

National Vulnerability Database - Mon, 09/17/2018 - 14:29
An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication.
Categories: Security News

CVE-2018-14320

National Vulnerability Database - Mon, 09/17/2018 - 14:29
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.
Categories: Security News

CVE-2018-14630

National Vulnerability Database - Mon, 09/17/2018 - 14:29
In Moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14, an XML import of ddwtos questions could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.
Categories: Security News

CVE-2017-14443

National Vulnerability Database - Mon, 09/17/2018 - 13:29
An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Categories: Security News

CVE-2017-2777

National Vulnerability Database - Mon, 09/17/2018 - 13:29
An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted PDF file can cause an integer overflow resulting in heap overflow. An attacker can send a file to trigger this vulnerability.
Categories: Security News

CVE-2018-1223

National Vulnerability Database - Mon, 09/17/2018 - 12:29
Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.
Categories: Security News

CVE-2018-11086

National Vulnerability Database - Mon, 09/17/2018 - 12:29
Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
Categories: Security News

CVE-2018-11088

National Vulnerability Database - Mon, 09/17/2018 - 12:29
Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
Categories: Security News

CVE-2018-1198

National Vulnerability Database - Mon, 09/17/2018 - 12:29
Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.
Categories: Security News

CVE-2016-9045

National Vulnerability Database - Mon, 09/17/2018 - 11:29
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.
Categories: Security News

CVE-2017-15705

National Vulnerability Database - Mon, 09/17/2018 - 10:29
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails to take more scan time than expected, leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed HTML. The exploit has been seen in the wild but is not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.
Categories: Security News

CVE-2018-11780

National Vulnerability Database - Mon, 09/17/2018 - 10:29
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
Categories: Security News

CVE-2018-11781

National Vulnerability Database - Mon, 09/17/2018 - 10:29
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
Categories: Security News

CVE-2018-17142

National Vulnerability Database - Mon, 09/17/2018 - 10:29
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
Categories: Security News

CVE-2018-17143

National Vulnerability Database - Mon, 09/17/2018 - 10:29
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
Categories: Security News

CVE-2018-8041

National Vulnerability Database - Mon, 09/17/2018 - 10:29
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
Categories: Security News

CVE-2018-17136

National Vulnerability Database - Mon, 09/17/2018 - 02:29
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
Categories: Security News
