News aggregator

CVE-2018-7667

National Vulnerability Database - Mon, 03/05/2018 - 02:29
Adminer through 4.3.1 has SSRF via the server parameter.
Categories: Security News

CVE-2018-7668

National Vulnerability Database - Mon, 03/05/2018 - 02:29
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
Categories: Security News

Vuln: GraphicsMagick CVE-2017-18220 Multiple Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 03/05/2018 - 00:00
GraphicsMagick CVE-2017-18220 Multiple Denial of Service Vulnerabilities
Categories: Security News

Vuln: Red Hat '389-ds-base' CVE-2018-1054 Remote Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Mon, 03/05/2018 - 00:00
Red Hat '389-ds-base' CVE-2018-1054 Remote Denial of Service Vulnerability
Categories: Security News

CVE-2018-7662

National Vulnerability Database - Sun, 03/04/2018 - 18:29
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.
Categories: Security News

CVE-2018-7661

National Vulnerability Database - Sun, 03/04/2018 - 17:29
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257.
Categories: Security News

CVE-2017-18214

National Vulnerability Database - Sun, 03/04/2018 - 16:29
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
Categories: Security News

CVE-2018-7560

National Vulnerability Database - Sun, 03/04/2018 - 15:29
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string.
Categories: Security News

CVE-2018-7567

National Vulnerability Database - Sun, 03/04/2018 - 15:29
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation.
Categories: Security News

CVE-2018-7653

National Vulnerability Database - Sun, 03/04/2018 - 14:29
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
Categories: Security News

CVE-2017-18213

National Vulnerability Database - Sat, 03/03/2018 - 21:29
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
Categories: Security News

CVE-2018-7449

National Vulnerability Database - Sat, 03/03/2018 - 20:29
SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
Categories: Security News

CVE-2018-7583

National Vulnerability Database - Sat, 03/03/2018 - 20:29
Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500.
Categories: Security News

CVE-2018-7651

National Vulnerability Database - Sat, 03/03/2018 - 20:29
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.
Categories: Security News

CVE-2018-7652

National Vulnerability Database - Sat, 03/03/2018 - 20:29
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS.
Categories: Security News

CVE-2018-7654

National Vulnerability Database - Sat, 03/03/2018 - 20:29
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
Categories: Security News

CVE-2015-7596

National Vulnerability Database - Fri, 03/02/2018 - 17:29
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
Categories: Security News

CVE-2015-7597

National Vulnerability Database - Fri, 03/02/2018 - 17:29
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
Categories: Security News

CVE-2015-7598

National Vulnerability Database - Fri, 03/02/2018 - 17:29
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
Categories: Security News

CVE-2015-7961

National Vulnerability Database - Fri, 03/02/2018 - 17:29
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
Categories: Security News
