News aggregator

CVE-2015-0203

National Vulnerability Database - Wed, 02/21/2018 - 10:29
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
Categories: Security News

CVE-2015-6569

National Vulnerability Database - Wed, 02/21/2018 - 10:29
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.

CVE-2018-5716

National Vulnerability Database - Wed, 02/21/2018 - 10:29
An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file.

CVE-2018-7260

National Vulnerability Database - Wed, 02/21/2018 - 10:29
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2018-1164

National Vulnerability Database - Wed, 02/21/2018 - 09:29
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.

CVE-2018-1165

National Vulnerability Database - Wed, 02/21/2018 - 09:29
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.

CVE-2018-1166

National Vulnerability Database - Wed, 02/21/2018 - 09:29
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984.

CVE-2018-1168

National Vulnerability Database - Wed, 02/21/2018 - 09:29
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.

Vuln: Cisco Jabber CVE-2018-0201 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00

Vuln: Atlassian Floodlight Controller CVE-2015-6569 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00

Vuln: Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00

Vuln: Cisco Elastic Services Controller CVE-2018-0130 Unauthorized Access Vulnerability

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00

Vuln: Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Access Bypass Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00

Vuln: Radiant CVE-2018-7261 Multiple HTML Injection Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00

Vuln: Juniper Junos J-Web Interface CVE-2018-0001 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 02/21/2018 - 00:00

CVE-2018-7276

National Vulnerability Database - Tue, 02/20/2018 - 20:29
An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.

CVE-2018-7277

National Vulnerability Database - Tue, 02/20/2018 - 20:29
An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.

CVE-2018-7278

National Vulnerability Database - Tue, 02/20/2018 - 20:29
An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.

CVE-2018-7271

National Vulnerability Database - Tue, 02/20/2018 - 19:29
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.

CVE-2018-7272

National Vulnerability Database - Tue, 02/20/2018 - 19:29
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
