News aggregator

CVE-2018-16979

National Vulnerability Database - Wed, 09/12/2018 - 19:29
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
Categories: Security News

CVE-2018-16980

National Vulnerability Database - Wed, 09/12/2018 - 19:29
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.

CVE-2018-16981

National Vulnerability Database - Wed, 09/12/2018 - 19:29
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

CVE-2018-16976

National Vulnerability Database - Wed, 09/12/2018 - 18:29
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.

CVE-2018-15610

National Vulnerability Database - Wed, 09/12/2018 - 17:29
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.

CVE-2018-16974

National Vulnerability Database - Wed, 09/12/2018 - 17:29
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist).

CVE-2018-16975

National Vulnerability Database - Wed, 09/12/2018 - 17:29
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php.

CVE-2018-16962

National Vulnerability Database - Wed, 09/12/2018 - 16:29
Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.

CVE-2018-16970

National Vulnerability Database - Wed, 09/12/2018 - 16:29
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.

CVE-2018-16971

National Vulnerability Database - Wed, 09/12/2018 - 16:29
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.

CVE-2018-3659

National Vulnerability Database - Wed, 09/12/2018 - 15:29
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.

CVE-2018-3669

National Vulnerability Database - Wed, 09/12/2018 - 15:29
A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP Connection Request to the Intel Bluetooth device via the network.

CVE-2018-3679

National Vulnerability Database - Wed, 09/12/2018 - 15:29
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.

CVE-2018-3686

National Vulnerability Database - Wed, 09/12/2018 - 15:29
Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.

CVE-2018-12175

National Vulnerability Database - Wed, 09/12/2018 - 15:29
Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access.

CVE-2018-12176

National Vulnerability Database - Wed, 09/12/2018 - 15:29
Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

CVE-2018-3616

National Vulnerability Database - Wed, 09/12/2018 - 15:29
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

CVE-2018-3643

National Vulnerability Database - Wed, 09/12/2018 - 15:29
A vulnerability in Power Management Controller firmware in systems using specific Intel Converged Security and Management Engine (CSME) before version 12.0.6 or Intel Server Platform Services firmware before version 4.x.04 may allow a privileged user to potentially escalate privileges or disclose information via local access.

CVE-2018-3655

National Vulnerability Database - Wed, 09/12/2018 - 15:29
A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.

CVE-2018-3657

National Vulnerability Database - Wed, 09/12/2018 - 15:29
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
