News aggregator

CVE-2018-6466

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php.
Categories: Security News

CVE-2018-6467

National Vulnerability Database - Tue, 02/06/2018 - 09:29
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.
Categories: Security News

CVE-2018-6468

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.
Categories: Security News

CVE-2018-6469

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.
Categories: Security News

CVE-2018-6656

National Vulnerability Database - Tue, 02/06/2018 - 09:29
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories.
Categories: Security News

CVE-2017-6169

National Vulnerability Database - Tue, 02/06/2018 - 08:29
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.
Categories: Security News

CVE-2017-6258

National Vulnerability Database - Tue, 02/06/2018 - 08:29
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258.
Categories: Security News

CVE-2017-6279

National Vulnerability Database - Tue, 02/06/2018 - 08:29
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279.
Categories: Security News

Bugtraq: [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 02/06/2018 - 08:20
[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities
Categories: Security News

Vuln: Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/06/2018 - 00:00
Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerability
Categories: Security News

CVE-2018-6654

National Vulnerability Database - Mon, 02/05/2018 - 20:29
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
Categories: Security News

CVE-2018-6569

National Vulnerability Database - Mon, 02/05/2018 - 19:29
West Wind Web Server 6.x does not require authentication for /ADMIN.ASP.
Categories: Security News

CVE-2018-6609

National Vulnerability Database - Mon, 02/05/2018 - 17:29
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
Categories: Security News

CVE-2018-6610

National Vulnerability Database - Mon, 02/05/2018 - 17:29
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request.
Categories: Security News

CVE-2018-6651

National Vulnerability Database - Mon, 02/05/2018 - 17:29
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions.
Categories: Security News

CVE-2018-6582

National Vulnerability Database - Mon, 02/05/2018 - 16:29
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Categories: Security News

CVE-2018-6604

National Vulnerability Database - Mon, 02/05/2018 - 16:29
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
Categories: Security News

CVE-2018-6605

National Vulnerability Database - Mon, 02/05/2018 - 16:29
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Categories: Security News

CVE-2018-6635

National Vulnerability Database - Mon, 02/05/2018 - 13:29
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.
Categories: Security News

CVE-2018-5442

National Vulnerability Database - Mon, 02/05/2018 - 13:29
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
Categories: Security News
