News aggregator

Vuln: Munin Remote Command Injection Vulnerability

SecurityFocus Vulnerabilities - Wed, 10/24/2018 - 00:00
Categories: Security News

Vuln: Adobe Digital Editions APSB18-27 Multiple Heap Buffer Overflow Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 10/24/2018 - 00:00
Categories: Security News

Vuln: Adobe Framemaker CVE-2018-15974 Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Wed, 10/24/2018 - 00:00
Categories: Security News

CVE-2018-7427

National Vulnerability Database - Tue, 10/23/2018 - 17:31
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Categories: Security News

CVE-2018-7429

National Vulnerability Database - Tue, 10/23/2018 - 17:31
Splunkd in Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.
Categories: Security News

CVE-2018-7431

National Vulnerability Database - Tue, 10/23/2018 - 17:31
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
Categories: Security News

CVE-2018-7432

National Vulnerability Database - Tue, 10/23/2018 - 17:31
Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request.
Categories: Security News

CVE-2018-18437

National Vulnerability Database - Tue, 10/23/2018 - 17:30
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.
Categories: Security News

CVE-2018-18467

National Vulnerability Database - Tue, 10/23/2018 - 17:30
An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent.
Categories: Security News

CVE-2018-18475

National Vulnerability Database - Tue, 10/23/2018 - 17:30
Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.
Categories: Security News

CVE-2018-16235

National Vulnerability Database - Tue, 10/23/2018 - 17:30
Telligent Community 6.x, 7.x, 8.x, 9.x, and 10.x up to 10.1.10.11792 has XSS via the Feed RSS widget.
Categories: Security News

CVE-2018-17444

National Vulnerability Database - Tue, 10/23/2018 - 17:30
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Categories: Security News

CVE-2018-17445

National Vulnerability Database - Tue, 10/23/2018 - 17:30
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Categories: Security News

CVE-2018-17446

National Vulnerability Database - Tue, 10/23/2018 - 17:30
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Categories: Security News

CVE-2018-17447

National Vulnerability Database - Tue, 10/23/2018 - 17:30
An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Categories: Security News

CVE-2018-17448

National Vulnerability Database - Tue, 10/23/2018 - 17:30
An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Categories: Security News

CVE-2018-17873

National Vulnerability Database - Tue, 10/23/2018 - 17:30
An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.
Categories: Security News

CVE-2018-17877

National Vulnerability Database - Tue, 10/23/2018 - 17:30
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.
Categories: Security News

CVE-2018-17968

National Vulnerability Database - Tue, 10/23/2018 - 17:30
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.
Categories: Security News

CVE-2018-12901

National Vulnerability Database - Tue, 10/23/2018 - 17:30
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
Categories: Security News
