News aggregator

CVE-2017-15399

National Vulnerability Database - Tue, 08/28/2018 - 16:29
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

CVE-2017-15406

National Vulnerability Database - Tue, 08/28/2018 - 16:29
A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Categories: Security News

CVE-2017-15429

National Vulnerability Database - Tue, 08/28/2018 - 16:29
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Categories: Security News

CVE-2018-3916

National Vulnerability Database - Tue, 08/28/2018 - 16:29
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.
Categories: Security News

CVE-2018-6643

National Vulnerability Database - Tue, 08/28/2018 - 15:29
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
Categories: Security News

CVE-2018-3895

National Vulnerability Database - Tue, 08/28/2018 - 15:29
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.
Categories: Security News

CVE-2018-3908

National Vulnerability Database - Tue, 08/28/2018 - 15:29
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability.
Categories: Security News

CVE-2018-15884

National Vulnerability Database - Tue, 08/28/2018 - 15:29
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
Categories: Security News

CVE-2018-15901

National Vulnerability Database - Tue, 08/28/2018 - 15:29
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
Categories: Security News

CVE-2018-15608

National Vulnerability Database - Tue, 08/28/2018 - 15:29
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
Categories: Security News

CVE-2018-15740

National Vulnerability Database - Tue, 08/28/2018 - 15:29
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
Categories: Security News

CVE-2018-15873

National Vulnerability Database - Tue, 08/28/2018 - 15:29
A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.
Categories: Security News

CVE-2018-14572

National Vulnerability Database - Tue, 08/28/2018 - 15:29
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Categories: Security News

CVE-2018-15596

National Vulnerability Database - Tue, 08/28/2018 - 15:29
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
Categories: Security News

CVE-2017-15430

National Vulnerability Database - Tue, 08/28/2018 - 15:29
Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Categories: Security News

CVE-2018-14400

National Vulnerability Database - Tue, 08/28/2018 - 15:29
In pycparser, a pickle.load call (within the read_pickle function of the LRTable class in yacc.py) on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Categories: Security News

CVE-2017-15426

National Vulnerability Database - Tue, 08/28/2018 - 15:29
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Categories: Security News

CVE-2017-15427

National Vulnerability Database - Tue, 08/28/2018 - 15:29
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
Categories: Security News

CVE-2017-15424

National Vulnerability Database - Tue, 08/28/2018 - 15:29
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Categories: Security News

CVE-2017-15425

National Vulnerability Database - Tue, 08/28/2018 - 15:29
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Categories: Security News
