News aggregator

CVE-2017-16816

National Vulnerability Database - Thu, 07/05/2018 - 16:29
The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.
Categories: Security News

CVE-2018-10987

National Vulnerability Database - Thu, 07/05/2018 - 16:29
An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.
Categories: Security News

CVE-2018-10988

National Vulnerability Database - Thu, 07/05/2018 - 16:29
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.
Categories: Security News

CVE-2018-12103

National Vulnerability Database - Thu, 07/05/2018 - 16:29
An issue was discovered on D-Link DIR-890L A2 devices. Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.
Categories: Security News

CVE-2018-12113

National Vulnerability Database - Thu, 07/05/2018 - 16:29
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.
Categories: Security News

CVE-2018-12520

National Vulnerability Database - Thu, 07/05/2018 - 16:29
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.
Categories: Security News

CVE-2018-12571

National Vulnerability Database - Thu, 07/05/2018 - 16:29
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.
Categories: Security News

CVE-2018-12739

National Vulnerability Database - Thu, 07/05/2018 - 16:29
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
Categories: Security News

CVE-2018-13031

National Vulnerability Database - Thu, 07/05/2018 - 16:29
DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
Categories: Security News

CVE-2018-13052

National Vulnerability Database - Thu, 07/05/2018 - 16:29
In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.
Categories: Security News

CVE-2018-8046

National Vulnerability Database - Thu, 07/05/2018 - 16:29
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data.
Categories: Security News

CVE-2018-8738

National Vulnerability Database - Thu, 07/05/2018 - 16:29
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.
Categories: Security News

CVE-2018-9997

National Vulnerability Database - Thu, 07/05/2018 - 16:29
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
Categories: Security News

CVE-2018-9998

National Vulnerability Database - Thu, 07/05/2018 - 16:29
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.
Categories: Security News

CVE-2017-11175

National Vulnerability Database - Thu, 07/05/2018 - 14:29
In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /auth/ariosa/login.
Categories: Security News

CVE-2018-12021

National Vulnerability Database - Thu, 07/05/2018 - 14:29
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
Categories: Security News

CVE-2018-12691

National Vulnerability Database - Thu, 07/05/2018 - 14:29
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
Categories: Security News

CVE-2018-12910

National Vulnerability Database - Thu, 07/05/2018 - 14:29
soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows attackers to have unspecified impact via an empty hostname.
Categories: Security News

CVE-2018-12976

National Vulnerability Database - Thu, 07/05/2018 - 14:29
In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.
Categories: Security News

CVE-2018-13325

National Vulnerability Database - Thu, 07/05/2018 - 14:29
The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.
Categories: Security News

Pages