News aggregator

CVE-2018-12921

National Vulnerability Database - Thu, 06/28/2018 - 07:29
Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.
Categories: Security News

CVE-2018-12922

National Vulnerability Database - Thu, 06/28/2018 - 07:29
Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.
Categories: Security News

CVE-2018-12923

National Vulnerability Database - Thu, 06/28/2018 - 07:29
BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.
Categories: Security News

CVE-2018-12924

National Vulnerability Database - Thu, 06/28/2018 - 07:29
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service.
Categories: Security News

CVE-2018-12925

National Vulnerability Database - Thu, 06/28/2018 - 07:29
Baseon Lantronix MSS devices do not require a password for TELNET access.
Categories: Security News

CVE-2018-12926

National Vulnerability Database - Thu, 06/28/2018 - 07:29
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.
Categories: Security News

CVE-2018-12927

National Vulnerability Database - Thu, 06/28/2018 - 07:29
Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.
Categories: Security News

Vuln: InPage '.inp' File Parser Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Thu, 06/28/2018 - 00:00
InPage '.inp' File Parser Remote Code Execution Vulnerability
Categories: Security News

Vuln: Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 06/28/2018 - 00:00
Multiple Microsoft Products DLL Loading Multiple Remote Code Execution Vulnerabilities
Categories: Security News

CVE-2018-5528

National Vulnerability Database - Wed, 06/27/2018 - 16:29
Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7.
Categories: Security News

CVE-2018-5527

National Vulnerability Database - Wed, 06/27/2018 - 16:29
On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion.
Categories: Security News

CVE-2018-1355

National Vulnerability Database - Wed, 06/27/2018 - 16:29
An open redirect vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows an attacker to inject script code while converting an HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
Categories: Security News

CVE-2018-1354

National Vulnerability Database - Wed, 06/27/2018 - 16:29
An improper access control vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows a regular user to edit the avatar picture of other users with arbitrary content.
Categories: Security News

CVE-2017-16718

National Vulnerability Database - Wed, 06/27/2018 - 15:29
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user-configured routes that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key that could be extracted by an attacker. A precondition for exploiting this weakness is network access at the moment a route is added.
Categories: Security News

CVE-2017-16726

National Vulnerability Database - Wed, 06/27/2018 - 15:29
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
Categories: Security News

CVE-2018-12912

National Vulnerability Database - Wed, 06/27/2018 - 14:29
An issue was discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
Categories: Security News

CVE-2018-12913

National Vulnerability Database - Wed, 06/27/2018 - 14:29
In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.
Categories: Security News

CVE-2018-12914

National Vulnerability Database - Wed, 06/27/2018 - 14:29
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.
Categories: Security News

CVE-2018-12915

National Vulnerability Database - Wed, 06/27/2018 - 14:29
In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.
Categories: Security News

CVE-2018-12916

National Vulnerability Database - Wed, 06/27/2018 - 14:29
In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.
Categories: Security News
