News aggregator

CVE-2014-2845

National Vulnerability Database - Wed, 11/15/2017 - 13:29
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
Categories: Security News

CVE-2014-3150

National Vulnerability Database - Wed, 11/15/2017 - 13:29
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript.

CVE-2014-4000

National Vulnerability Database - Wed, 11/15/2017 - 11:29
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

CVE-2017-14961

National Vulnerability Database - Wed, 11/15/2017 - 11:29
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because it does not validate input values from IOCtl 0x8300000c.

CVE-2017-15269

National Vulnerability Database - Wed, 11/15/2017 - 11:29
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.

CVE-2017-15270

National Vulnerability Database - Wed, 11/15/2017 - 11:29
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.

CVE-2017-15271

National Vulnerability Database - Wed, 11/15/2017 - 11:29
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.

CVE-2017-15272

National Vulnerability Database - Wed, 11/15/2017 - 11:29
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.

CVE-2017-15288

National Vulnerability Database - Wed, 11/15/2017 - 11:29
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.

CVE-2017-15806

National Vulnerability Database - Wed, 11/15/2017 - 11:29
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php".

CVE-2017-15923

National Vulnerability Database - Wed, 11/15/2017 - 11:29
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.

CVE-2017-12633

National Vulnerability Database - Wed, 11/15/2017 - 10:29
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 has a Java object de-serialisation vulnerability. De-serialising untrusted data can lead to security flaws.

CVE-2017-12634

National Vulnerability Database - Wed, 11/15/2017 - 10:29
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 has a Java object de-serialisation vulnerability. De-serialising untrusted data can lead to security flaws.

CVE-2017-16833

National Vulnerability Database - Wed, 11/15/2017 - 04:29
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file.

CVE-2017-12737

National Vulnerability Database - Wed, 11/15/2017 - 03:29
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.

CVE-2017-12738

National Vulnerability Database - Wed, 11/15/2017 - 03:29
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link.

CVE-2017-12739

National Vulnerability Database - Wed, 11/15/2017 - 03:29
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.

CVE-2017-16826

National Vulnerability Database - Wed, 11/15/2017 - 03:29
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

CVE-2017-16827

National Vulnerability Database - Wed, 11/15/2017 - 03:29
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.

CVE-2017-16828

National Vulnerability Database - Wed, 11/15/2017 - 03:29
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
