News aggregator

CVE-2018-11681

National Vulnerability Database - Sat, 06/02/2018 - 09:29
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y.
Categories: Security News

CVE-2018-11682

National Vulnerability Database - Sat, 06/02/2018 - 09:29
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y.
Categories: Security News

CVE-2018-11679

National Vulnerability Database - Sat, 06/02/2018 - 08:29
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
Categories: Security News

CVE-2018-11680

National Vulnerability Database - Sat, 06/02/2018 - 08:29
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
Categories: Security News

CVE-2018-11522

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Yosoro 1.0.4 has stored XSS.
Categories: Security News

CVE-2018-11564

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.
Categories: Security News

CVE-2018-11175

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).
Categories: Security News

CVE-2018-11176

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).
Categories: Security News

CVE-2018-11177

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).
Categories: Security News

CVE-2018-11178

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).
Categories: Security News

CVE-2018-11179

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
Categories: Security News

CVE-2018-11180

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).
Categories: Security News

CVE-2018-11181

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).
Categories: Security News

CVE-2018-11182

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).
Categories: Security News

CVE-2018-11183

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).
Categories: Security News

CVE-2018-11184

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).
Categories: Security News

CVE-2018-11185

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).
Categories: Security News

CVE-2018-11186

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
Categories: Security News

CVE-2018-11187

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
Categories: Security News

CVE-2018-11188

National Vulnerability Database - Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).
Categories: Security News

Pages