News aggregator

CVE-2018-19332

National Vulnerability Database - Sat, 11/17/2018 - 10:29
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
Categories: Security News

CVE-2018-19326

National Vulnerability Database - Sat, 11/17/2018 - 09:29
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.

CVE-2018-19274

National Vulnerability Database - Sat, 11/17/2018 - 08:29
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.

CVE-2018-19324

National Vulnerability Database - Sat, 11/17/2018 - 08:29
kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI.

CVE-2018-15769

National Vulnerability Database - Fri, 11/16/2018 - 16:29
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.

CVE-2018-18955

National Vulnerability Database - Fri, 11/16/2018 - 15:29
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

CVE-2018-19311

National Vulnerability Database - Fri, 11/16/2018 - 14:29
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.

CVE-2018-19312

National Vulnerability Database - Fri, 11/16/2018 - 14:29
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.

CVE-2018-19318

National Vulnerability Database - Fri, 11/16/2018 - 14:29
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.

CVE-2018-19319

National Vulnerability Database - Fri, 11/16/2018 - 14:29
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges.

CVE-2018-18805

National Vulnerability Database - Fri, 11/16/2018 - 13:29
PointOfSales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.

CVE-2018-18806

National Vulnerability Database - Fri, 11/16/2018 - 13:29
School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.

CVE-2018-16396

National Vulnerability Database - Fri, 11/16/2018 - 13:29
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

CVE-2018-18755

National Vulnerability Database - Fri, 11/16/2018 - 13:29
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.

CVE-2018-18756

National Vulnerability Database - Fri, 11/16/2018 - 13:29
Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008.

CVE-2018-18759

National Vulnerability Database - Fri, 11/16/2018 - 13:29
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.

CVE-2018-18760

National Vulnerability Database - Fri, 11/16/2018 - 13:29
RhinOS 3.0 build 1190 allows CSRF.

CVE-2018-18761

National Vulnerability Database - Fri, 11/16/2018 - 13:29
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.

CVE-2018-18763

National Vulnerability Database - Fri, 11/16/2018 - 13:29
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.

CVE-2018-18793

National Vulnerability Database - Fri, 11/16/2018 - 13:29
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.