News aggregator

CVE-2016-2123

National Vulnerability Database - Thu, 11/01/2018 - 09:29
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
Categories: Security News

CVE-2018-7356

National Vulnerability Database - Thu, 11/01/2018 - 09:29
All versions up to V3.03.10.B23P2 of the ZTE ZXR10 8905E product are impacted by a TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISNs and allows remote attackers to spoof connections.

CVE-2018-15454

National Vulnerability Database - Thu, 11/01/2018 - 08:29
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.

Vuln: Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 11/01/2018 - 00:00
Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities

Vuln: Microsoft Edge Unspecified Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/01/2018 - 00:00
Microsoft Edge Unspecified Remote Code Execution Vulnerability

Vuln: Texas Instruments Bluetooth Low Energy Chips CVE-2018-7080 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/01/2018 - 00:00
Texas Instruments Bluetooth Low Energy Chips CVE-2018-7080 Remote Code Execution Vulnerability

Vuln: Texas Instruments BLE-Stack CVE-2018-16986 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/01/2018 - 00:00
Texas Instruments BLE-Stack CVE-2018-16986 Remote Code Execution Vulnerability

CVE-2018-18887

National Vulnerability Database - Wed, 10/31/2018 - 21:29
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).

CVE-2018-18888

National Vulnerability Database - Wed, 10/31/2018 - 21:29
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.

CVE-2018-18890

National Vulnerability Database - Wed, 10/31/2018 - 21:29
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.

CVE-2018-18891

National Vulnerability Database - Wed, 10/31/2018 - 21:29
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.

CVE-2018-18892

National Vulnerability Database - Wed, 10/31/2018 - 21:29
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.

CVE-2018-18883

National Vulnerability Database - Wed, 10/31/2018 - 20:29
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.

CVE-2016-6328

National Vulnerability Database - Wed, 10/31/2018 - 18:29
A vulnerability was found in libexif: an integer overflow occurs when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).

CVE-2018-14651

National Vulnerability Database - Wed, 10/31/2018 - 18:29
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

CVE-2018-15705

National Vulnerability Database - Wed, 10/31/2018 - 18:29
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

CVE-2018-15706

National Vulnerability Database - Wed, 10/31/2018 - 18:29
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.

CVE-2018-15707

National Vulnerability Database - Wed, 10/31/2018 - 18:29
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.

CVE-2016-2125

National Vulnerability Database - Wed, 10/31/2018 - 16:29
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

CVE-2018-11759

National Vulnerability Database - Wed, 10/31/2018 - 16:29
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
