News aggregator

CVE-2018-8269

National Vulnerability Database - Wed, 09/12/2018 - 20:29
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.
Categories: Security News

CVE-2018-8271

National Vulnerability Database - Wed, 09/12/2018 - 20:29
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Categories: Security News

CVE-2018-8315

National Vulnerability Database - Wed, 09/12/2018 - 20:29
An information disclosure vulnerability exists when the browser scripting engine improperly handles object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
Categories: Security News

CVE-2018-8331

National Vulnerability Database - Wed, 09/12/2018 - 20:29
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.
Categories: Security News

CVE-2018-8332

National Vulnerability Database - Wed, 09/12/2018 - 20:29
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
Categories: Security News

CVE-2018-8335

National Vulnerability Database - Wed, 09/12/2018 - 20:29
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
Categories: Security News

CVE-2018-16977

National Vulnerability Database - Wed, 09/12/2018 - 19:29
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php.
Categories: Security News

CVE-2018-16978

National Vulnerability Database - Wed, 09/12/2018 - 19:29
Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473.
Categories: Security News

CVE-2018-16979

National Vulnerability Database - Wed, 09/12/2018 - 19:29
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
Categories: Security News

CVE-2018-16980

National Vulnerability Database - Wed, 09/12/2018 - 19:29
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
Categories: Security News

CVE-2018-16981

National Vulnerability Database - Wed, 09/12/2018 - 19:29
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
Categories: Security News

CVE-2018-16976

National Vulnerability Database - Wed, 09/12/2018 - 18:29
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.
Categories: Security News

CVE-2018-15610

National Vulnerability Database - Wed, 09/12/2018 - 17:29
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
Categories: Security News

CVE-2018-16974

National Vulnerability Database - Wed, 09/12/2018 - 17:29
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist).
Categories: Security News

CVE-2018-16975

National Vulnerability Database - Wed, 09/12/2018 - 17:29
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php.
Categories: Security News

CVE-2018-16962

National Vulnerability Database - Wed, 09/12/2018 - 16:29
Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.
Categories: Security News

CVE-2018-16970

National Vulnerability Database - Wed, 09/12/2018 - 16:29
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.
Categories: Security News

CVE-2018-16971

National Vulnerability Database - Wed, 09/12/2018 - 16:29
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.
Categories: Security News

CVE-2018-3659

National Vulnerability Database - Wed, 09/12/2018 - 15:29
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
Categories: Security News

CVE-2018-3669

National Vulnerability Database - Wed, 09/12/2018 - 15:29
A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP Connection Request to the Intel Bluetooth device via the network.
Categories: Security News
