News aggregator

CVE-2018-15769

National Vulnerability Database - Fri, 11/16/2018 - 16:29
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
Categories: Security News

CVE-2018-18955

National Vulnerability Database - Fri, 11/16/2018 - 15:29
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
Categories: Security News

CVE-2018-19311

National Vulnerability Database - Fri, 11/16/2018 - 14:29
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
Categories: Security News

CVE-2018-19312

National Vulnerability Database - Fri, 11/16/2018 - 14:29
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
Categories: Security News

CVE-2018-19318

National Vulnerability Database - Fri, 11/16/2018 - 14:29
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.
Categories: Security News

CVE-2018-19319

National Vulnerability Database - Fri, 11/16/2018 - 14:29
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges.
Categories: Security News

CVE-2018-18805

National Vulnerability Database - Fri, 11/16/2018 - 13:29
PointOfSales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
Categories: Security News

CVE-2018-18806

National Vulnerability Database - Fri, 11/16/2018 - 13:29
School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.
Categories: Security News

CVE-2018-16396

National Vulnerability Database - Fri, 11/16/2018 - 13:29
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
Categories: Security News

CVE-2018-18755

National Vulnerability Database - Fri, 11/16/2018 - 13:29
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
Categories: Security News

CVE-2018-18756

National Vulnerability Database - Fri, 11/16/2018 - 13:29
Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008.
Categories: Security News

CVE-2018-18759

National Vulnerability Database - Fri, 11/16/2018 - 13:29
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.
Categories: Security News

CVE-2018-18760

National Vulnerability Database - Fri, 11/16/2018 - 13:29
RhinOS 3.0 build 1190 allows CSRF.
Categories: Security News

CVE-2018-18761

National Vulnerability Database - Fri, 11/16/2018 - 13:29
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
Categories: Security News

CVE-2018-18763

National Vulnerability Database - Fri, 11/16/2018 - 13:29
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
Categories: Security News

CVE-2018-18793

National Vulnerability Database - Fri, 11/16/2018 - 13:29
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
Categories: Security News

CVE-2018-18794

National Vulnerability Database - Fri, 11/16/2018 - 13:29
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
Categories: Security News

CVE-2018-18795

National Vulnerability Database - Fri, 11/16/2018 - 13:29
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
Categories: Security News

CVE-2018-18796

National Vulnerability Database - Fri, 11/16/2018 - 13:29
Library Management System 1.0 has SQL Injection via the "Search for Books" screen.
Categories: Security News

CVE-2018-18797

National Vulnerability Database - Fri, 11/16/2018 - 13:29
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
Categories: Security News
