News aggregator

CVE-2018-11134

National Vulnerability Database - Thu, 05/31/2018 - 14:29
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue manager that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.
Categories: Security News

CVE-2018-11135

National Vulnerability Database - Thu, 05/31/2018 - 14:29
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.
Categories: Security News

CVE-2018-11136

National Vulnerability Database - Thu, 05/31/2018 - 14:29
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).
Categories: Security News

CVE-2018-11137

National Vulnerability Database - Thu, 05/31/2018 - 14:29
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.
Categories: Security News

CVE-2018-11138

National Vulnerability Database - Thu, 05/31/2018 - 14:29
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
Categories: Security News

CVE-2018-11139

National Vulnerability Database - Thu, 05/31/2018 - 14:29
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.
Categories: Security News

CVE-2018-11140

National Vulnerability Database - Thu, 05/31/2018 - 14:29
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type).
Categories: Security News

CVE-2018-11141

National Vulnerability Database - Thu, 05/31/2018 - 14:29
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.
Categories: Security News

CVE-2018-11142

National Vulnerability Database - Thu, 05/31/2018 - 14:29
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization.
Categories: Security News

CVE-2018-11626

National Vulnerability Database - Thu, 05/31/2018 - 14:29
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function.
Categories: Security News

CVE-2018-11590

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.
Categories: Security News

CVE-2018-11591

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c.
Categories: Security News

CVE-2018-11592

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.
Categories: Security News

CVE-2018-11593

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
Categories: Security News

CVE-2018-11594

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
Categories: Security News

CVE-2018-11595

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
Categories: Security News

CVE-2018-11596

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.
Categories: Security News

CVE-2018-11597

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.
Categories: Security News

CVE-2018-11598

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
Categories: Security News

CVE-2018-11624

National Vulnerability Database - Thu, 05/31/2018 - 12:29
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
Categories: Security News
