News aggregator

CVE-2017-7535

National Vulnerability Database - Thu, 07/26/2018 - 09:29
Foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains HTML in its name, which is visible to the user prior to taking action.
Categories: Security News

CVE-2017-7537

National Vulnerability Database - Thu, 07/26/2018 - 09:29
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

CVE-2017-2637

National Vulnerability Database - Thu, 07/26/2018 - 08:29
A design flaw was found in the Red Hat OpenStack Platform director's use of TripleO to enable libvirtd-based live migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.

Bugtraq: DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 08:20
DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability

Bugtraq: DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 08:20
DefenseCode ThunderScan SAST Advisory: WordPress Strong Testimonials Plugin Multiple XSS Security Vulnerabilities

Bugtraq: DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 08:20
DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities

Bugtraq: [SECURITY] [DSA 4255-1] ant security update

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 08:20
[SECURITY] [DSA 4255-1] ant security update

Vuln: IBM Sterling B2B Integrator Multiple Information Disclosure Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 00:00
IBM Sterling B2B Integrator Multiple Information Disclosure Vulnerabilities

Vuln: IBM Sterling File Gateway CVE-2018-1398 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 00:00
IBM Sterling File Gateway CVE-2018-1398 Information Disclosure Vulnerability

Vuln: SoftNAS Cloud CVE-2018-14417 OS Command Injection Vulnerability

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 00:00
SoftNAS Cloud CVE-2018-14417 OS Command Injection Vulnerability

Vuln: IBM Sterling B2B Integrator Multiple Unspecified Cross Site Scripting Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 00:00
IBM Sterling B2B Integrator Multiple Unspecified Cross Site Scripting Vulnerabilities

Vuln: Linux Kernel 'kernel/time/posix-timers.c' Local Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 00:00
Linux Kernel 'kernel/time/posix-timers.c' Local Information Disclosure Vulnerability

Vuln: Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 00:00
Linux Kernel CVE-2018-10901 Local Privilege Escalation Vulnerability

Vuln: Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 00:00
Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability

Vuln: Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Thu, 07/26/2018 - 00:00
Linux Kernel CVE-2018-10881 Local Denial of Service Vulnerability

CVE-2018-13988

National Vulnerability Database - Wed, 07/25/2018 - 19:29
Poppler through 0.62 contains a Buffer Overflow vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

CVE-2018-14083

National Vulnerability Database - Wed, 07/25/2018 - 19:29
LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash.

CVE-2018-14430

National Vulnerability Database - Wed, 07/25/2018 - 19:29
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php.

CVE-2018-14493

National Vulnerability Database - Wed, 07/25/2018 - 19:29
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.

CVE-2018-8090

National Vulnerability Database - Wed, 07/25/2018 - 19:29
Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading.
