News aggregator

CVE-2019-17506

National Vulnerability Database - Fri, 10/11/2019 - 16:15
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
Categories: Security News

CVE-2019-17507

National Vulnerability Database - Fri, 10/11/2019 - 16:15
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp.
Categories: Security News

CVE-2019-17508

National Vulnerability Database - Fri, 10/11/2019 - 16:15
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
Categories: Security News

CVE-2019-17509

National Vulnerability Database - Fri, 10/11/2019 - 16:15
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.
Categories: Security News

CVE-2019-17510

National Vulnerability Database - Fri, 10/11/2019 - 16:15
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.
Categories: Security News

CVE-2018-20582

National Vulnerability Database - Fri, 10/11/2019 - 16:15
The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery.
Categories: Security News

CVE-2018-21027

National Vulnerability Database - Fri, 10/11/2019 - 16:15
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.
Categories: Security News

CVE-2018-21028

National Vulnerability Database - Fri, 10/11/2019 - 16:15
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.
Categories: Security News

CVE-2019-17505

National Vulnerability Database - Fri, 10/11/2019 - 16:15
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack.
Categories: Security News

CVE-2019-2110

National Vulnerability Database - Fri, 10/11/2019 - 15:15
In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-69703445
Categories: Security News

CVE-2019-2114

National Vulnerability Database - Fri, 10/11/2019 - 15:15
In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-123700348
Categories: Security News

CVE-2019-2173

National Vulnerability Database - Fri, 10/11/2019 - 15:15
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720
Categories: Security News

CVE-2019-2183

National Vulnerability Database - Fri, 10/11/2019 - 15:15
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465
Categories: Security News

CVE-2019-2184

National Vulnerability Database - Fri, 10/11/2019 - 15:15
In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122
Categories: Security News

CVE-2019-2185

National Vulnerability Database - Fri, 10/11/2019 - 15:15
In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699
Categories: Security News

CVE-2019-2186

National Vulnerability Database - Fri, 10/11/2019 - 15:15
In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447
Categories: Security News

CVE-2019-2187

National Vulnerability Database - Fri, 10/11/2019 - 15:15
In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143
Categories: Security News

CVE-2019-2215

National Vulnerability Database - Fri, 10/11/2019 - 15:15
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Categories: Security News

CVE-2015-9486

National Vulnerability Database - Fri, 10/11/2019 - 15:15
The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Categories: Security News

CVE-2015-9487

National Vulnerability Database - Fri, 10/11/2019 - 15:15
The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
Categories: Security News

Pages