News aggregator

CVE-2018-17872

National Vulnerability Database - Thu, 10/04/2018 - 15:29
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions.
Categories: Security News

CVE-2018-17876

National Vulnerability Database - Thu, 10/04/2018 - 15:29
A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product.

CVE-2018-1604

National Vulnerability Database - Thu, 10/04/2018 - 10:29
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143794.

CVE-2018-1670

National Vulnerability Database - Thu, 10/04/2018 - 10:29
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946.

CVE-2018-1819

National Vulnerability Database - Thu, 10/04/2018 - 10:29
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 150023.

CVE-2017-5658

National Vulnerability Database - Thu, 10/04/2018 - 10:29
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue.

CVE-2018-12470

National Vulnerability Database - Thu, 10/04/2018 - 10:29
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

CVE-2018-12471

National Vulnerability Database - Thu, 10/04/2018 - 10:29
An External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

CVE-2018-12472

National Vulnerability Database - Thu, 10/04/2018 - 10:29
An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

CVE-2018-1602

National Vulnerability Database - Thu, 10/04/2018 - 10:29
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143792.

CVE-2018-1603

National Vulnerability Database - Thu, 10/04/2018 - 10:29
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143793.

CVE-2018-11784

National Vulnerability Database - Thu, 10/04/2018 - 09:29
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.

CVE-2018-5492

National Vulnerability Database - Thu, 10/04/2018 - 09:29
NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution.

CVE-2018-17972

National Vulnerability Database - Wed, 10/03/2018 - 18:29
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

CVE-2018-17974

National Vulnerability Database - Wed, 10/03/2018 - 18:29
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx->l2len) can be larger than the source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.

CVE-2018-6695

National Vulnerability Database - Wed, 10/03/2018 - 18:01
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.

CVE-2018-5921

National Vulnerability Database - Wed, 10/03/2018 - 16:29
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.

CVE-2018-17881

National Vulnerability Database - Wed, 10/03/2018 - 16:29
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.

CVE-2018-17562

National Vulnerability Database - Wed, 10/03/2018 - 16:29
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.

CVE-2018-17880

National Vulnerability Database - Wed, 10/03/2018 - 16:29
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.