News aggregator

CVE-2018-5990

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
Categories: Security News

CVE-2018-5991

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
Categories: Security News

CVE-2018-5992

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
Categories: Security News

CVE-2018-5993

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
Categories: Security News

CVE-2018-5994

National Vulnerability Database - Sat, 02/17/2018 - 02:29
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
Categories: Security News

CVE-2018-3609

National Vulnerability Database - Fri, 02/16/2018 - 17:29
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
Categories: Security News

CVE-2018-6218

National Vulnerability Database - Fri, 02/16/2018 - 17:29
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
Categories: Security News

Bugtraq: [slackware-security] irssi (SSA:2018-046-01)

SecurityFocus Vulnerabilities - Fri, 02/16/2018 - 17:20
[slackware-security] irssi (SSA:2018-046-01)
Categories: Security News

Bugtraq: [SECURITY] [DSA 4115-1] quagga security update

SecurityFocus Vulnerabilities - Fri, 02/16/2018 - 17:20
[SECURITY] [DSA 4115-1] quagga security update
Categories: Security News

Bugtraq: Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

SecurityFocus Vulnerabilities - Fri, 02/16/2018 - 17:20
Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
Categories: Security News

Bugtraq: Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload

SecurityFocus Vulnerabilities - Fri, 02/16/2018 - 17:20
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload
Categories: Security News

CVE-2018-1049

National Vulnerability Database - Fri, 02/16/2018 - 16:29
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
Categories: Security News

CVE-2017-18089

National Vulnerability Database - Fri, 02/16/2018 - 13:29
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.
Categories: Security News

CVE-2017-18090

National Vulnerability Database - Fri, 02/16/2018 - 13:29
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.
Categories: Security News

CVE-2017-18091

National Vulnerability Database - Fri, 02/16/2018 - 13:29
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
Categories: Security News

CVE-2018-7188

National Vulnerability Database - Fri, 02/16/2018 - 13:29
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
Categories: Security News

CVE-2017-18190

National Vulnerability Database - Fri, 02/16/2018 - 12:29
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
Categories: Security News

CVE-2018-0515

National Vulnerability Database - Fri, 02/16/2018 - 12:29
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: Security News

CVE-2018-0516

National Vulnerability Database - Fri, 02/16/2018 - 12:29
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: Security News

CVE-2018-7187

National Vulnerability Database - Fri, 02/16/2018 - 12:29
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
Categories: Security News
