News aggregator

Bugtraq: [CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 02/06/2018 - 08:20
[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities
Categories: Security News

Vuln: Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/06/2018 - 00:00
Joomla! Core CVE-2018-6379 Cross Site Scripting Vulnerability
Categories: Security News

CVE-2018-6654

National Vulnerability Database - Mon, 02/05/2018 - 20:29
The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
Categories: Security News

CVE-2018-6569

National Vulnerability Database - Mon, 02/05/2018 - 19:29
West Wind Web Server 6.x does not require authentication for /ADMIN.ASP.
Categories: Security News

CVE-2018-6609

National Vulnerability Database - Mon, 02/05/2018 - 17:29
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
Categories: Security News

CVE-2018-6610

National Vulnerability Database - Mon, 02/05/2018 - 17:29
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request.
Categories: Security News

CVE-2018-6651

National Vulnerability Database - Mon, 02/05/2018 - 17:29
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions.
Categories: Security News

CVE-2018-6582

National Vulnerability Database - Mon, 02/05/2018 - 16:29
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Categories: Security News

CVE-2018-6604

National Vulnerability Database - Mon, 02/05/2018 - 16:29
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
Categories: Security News

CVE-2018-6605

National Vulnerability Database - Mon, 02/05/2018 - 16:29
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Categories: Security News

CVE-2018-6635

National Vulnerability Database - Mon, 02/05/2018 - 13:29
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896.
Categories: Security News

CVE-2018-5442

National Vulnerability Database - Mon, 02/05/2018 - 13:29
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
Categories: Security News

CVE-2018-6624

National Vulnerability Database - Mon, 02/05/2018 - 13:29
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.
Categories: Security News

CVE-2018-6625

National Vulnerability Database - Mon, 02/05/2018 - 13:29
In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.
Categories: Security News

CVE-2018-6626

National Vulnerability Database - Mon, 02/05/2018 - 13:29
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000035.
Categories: Security News

CVE-2018-6627

National Vulnerability Database - Mon, 02/05/2018 - 13:29
In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054.
Categories: Security News

CVE-2018-6628

National Vulnerability Database - Mon, 02/05/2018 - 13:29
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000010c.
Categories: Security News

CVE-2018-6629

National Vulnerability Database - Mon, 02/05/2018 - 13:29
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000118.
Categories: Security News

CVE-2018-6630

National Vulnerability Database - Mon, 02/05/2018 - 13:29
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000014c.
Categories: Security News

CVE-2018-6631

National Vulnerability Database - Mon, 02/05/2018 - 13:29
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110009.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000170.
Categories: Security News
