This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.
Cisco Jabber CVE-2018-0201 Cross Site Scripting Vulnerability
Atlassian Floodlight Controller CVE-2015-6569 Denial of Service Vulnerability
Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Security Vulnerabilities
Cisco Elastic Services Controller CVE-2018-0130 Unauthorized Access Vulnerability
Drupal Core DRUPAL-SA-CORE-2018-001 Multiple Access Bypass Vulnerabilities
Radiant CVE-2018-7261 Multiple HTML Injection Vulnerabilities
Juniper Junos J-Web Interface CVE-2018-0001 Remote Code Execution Vulnerability
An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order.
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option.
Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value.
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS.