News aggregator

CVE-2018-6644

National Vulnerability Database - Thu, 02/08/2018 - 18:29
SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.
Categories: Security News

CVE-2018-6789

National Vulnerability Database - Thu, 02/08/2018 - 18:29
An issue was discovered in the SMTP listener in Exim 4.90 and earlier. By sending a handcrafted message, a buffer overflow may happen in a specific function. This can be used to execute code remotely.

CVE-2011-4889

National Vulnerability Database - Thu, 02/08/2018 - 18:29
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.

CVE-2012-0941

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.

CVE-2012-2166

National Vulnerability Database - Thu, 02/08/2018 - 18:29
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unspecified vectors. IBM X-Force ID: 75041.

CVE-2012-3331

National Vulnerability Database - Thu, 02/08/2018 - 18:29
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048.

CVE-2012-5359

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.

CVE-2012-5360

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.

CVE-2013-2830

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2013-3552

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2013-3553

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2014-4066

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806.

CVE-2014-4112

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0304.

CVE-2014-4145

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985.

CVE-2014-8985

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145.

CVE-2015-2329

National Vulnerability Database - Thu, 02/08/2018 - 18:29
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.

CVE-2017-6225

National Vulnerability Database - Thu, 02/08/2018 - 17:29
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.

CVE-2017-6227

National Vulnerability Database - Thu, 02/08/2018 - 17:29
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.

CVE-2018-5550

National Vulnerability Database - Thu, 02/08/2018 - 14:29
Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.

CVE-2017-17655

National Vulnerability Database - Thu, 02/08/2018 - 13:29
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4289.
