News aggregator

CVE-2017-9389

National Vulnerability Database - Mon, 06/17/2019 - 16:15
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the interface allows any user to write his/her application in the Lua language. However, this functionality is not protected by authentication and this allows an attacker to run arbitrary Lua code on the device. The POST request is forwarded to LuaUPNP daemon on the device. This binary handles the received Lua code in the function "LU::JobHandler_LuaUPnP::RunLua(LU::JobHandler_LuaUPnP *__hidden this, LU::UPnPActionWrapper *)". The value in the "code" parameter is then passed to the function "LU::LuaInterface::RunCode(char const*)" which actually loads the Lua engine and runs the code.
Categories: Security News

CVE-2017-9390

National Vulnerability Database - Mon, 06/17/2019 - 16:15
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script is "RedirectURL". However, the application lacks strict input validation of this parameter and this allows an attacker to execute the client-side code on this application.
Categories: Security News

CVE-2018-19146

National Vulnerability Database - Mon, 06/17/2019 - 16:15
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.
Categories: Security News

CVE-2018-19444

National Vulnerability Database - Mon, 06/17/2019 - 16:15
A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation.
Categories: Security News

CVE-2018-19445

National Vulnerability Database - Mon, 06/17/2019 - 16:15
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.
Categories: Security News

CVE-2018-19446

National Vulnerability Database - Mon, 06/17/2019 - 16:15
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution.
Categories: Security News

CVE-2018-19447

National Vulnerability Database - Mon, 06/17/2019 - 16:15
A stack-based buffer overflow can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing the URI string. An attacker can leverage this to gain remote code execution.
Categories: Security News

CVE-2018-19448

National Vulnerability Database - Mon, 06/17/2019 - 16:15
In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution.
Categories: Security News

CVE-2018-19449

National Vulnerability Database - Mon, 06/17/2019 - 16:15
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution.
Categories: Security News

CVE-2018-19450

National Vulnerability Database - Mon, 06/17/2019 - 16:15
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution.
Categories: Security News

CVE-2019-11409

National Vulnerability Database - Mon, 06/17/2019 - 15:15
app/operator_panel/exec.php in the Operator Panel module in FreePBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
Categories: Security News

CVE-2019-11410

National Vulnerability Database - Mon, 06/17/2019 - 15:15
app/backup/index.php in the Backup Module in FreePBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.
Categories: Security News

CVE-2019-7315

National Vulnerability Database - Mon, 06/17/2019 - 15:15
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).
Categories: Security News

CVE-2019-7579

National Vulnerability Database - Mon, 06/17/2019 - 15:15
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network.
Categories: Security News

CVE-2019-8324

National Vulnerability Database - Mon, 06/17/2019 - 15:15
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
Categories: Security News

CVE-2019-8325

National Vulnerability Database - Mon, 06/17/2019 - 15:15
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Categories: Security News

CVE-2019-12801

National Vulnerability Database - Mon, 06/17/2019 - 14:15
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
Categories: Security News

CVE-2017-9381

National Vulnerability Database - Mon, 06/17/2019 - 14:15
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who navigates to an attacker controlled page to install or delete an application on the device. Note: The cross-site request forgery is a systemic issue across all other functionalities of the device.
Categories: Security News

CVE-2017-9384

National Vulnerability Database - Mon, 06/17/2019 - 14:15
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as relay.sh which allows the device to create relay ports and connect the device to Vera servers. This is primarily used as a method of communication between the device and Vera servers so the devices can be communicated with even when the user is not at home. One of the parameters retrieved by this specific script is "remote_host". This parameter is not sanitized by the script correctly and is passed in a call to "eval" to execute another script where remote_host is concatenated to be passed a parameter to the second script. This allows an attacker to escape from the executed command and then execute any commands of his/her choice.
Categories: Security News

CVE-2019-10997

National Vulnerability Database - Mon, 06/17/2019 - 14:15
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.
Categories: Security News

Pages