News aggregator

CVE-2011-4068

National Vulnerability Database - Thu, 02/01/2018 - 12:29
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.
Categories: Security News

CVE-2011-4069

National Vulnerability Database - Thu, 02/01/2018 - 12:29
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

CVE-2013-7435

National Vulnerability Database - Thu, 02/01/2018 - 12:29
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

CVE-2014-3005

National Vulnerability Database - Thu, 02/01/2018 - 12:29
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

CVE-2014-3244

National Vulnerability Database - Thu, 02/01/2018 - 12:29
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

CVE-2014-3519

National Vulnerability Database - Thu, 02/01/2018 - 12:29
The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.

CVE-2014-3752

National Vulnerability Database - Thu, 02/01/2018 - 12:29
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.

CVE-2014-9502

National Vulnerability Database - Thu, 02/01/2018 - 12:29
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.

CVE-2014-9503

National Vulnerability Database - Thu, 02/01/2018 - 12:29
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.

CVE-2018-0508

National Vulnerability Database - Thu, 02/01/2018 - 09:29
Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-0509

National Vulnerability Database - Thu, 02/01/2018 - 09:29
Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.

CVE-2018-0510

National Vulnerability Database - Thu, 02/01/2018 - 09:29
Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors.

CVE-2018-0511

National Vulnerability Database - Thu, 02/01/2018 - 09:29
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-6186

National Vulnerability Database - Thu, 02/01/2018 - 09:29
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.

CVE-2018-6485

National Vulnerability Database - Thu, 02/01/2018 - 09:29
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

CVE-2018-6470

National Vulnerability Database - Thu, 02/01/2018 - 08:29
Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.

Bugtraq: [SECURITY] [DSA 4103-1] chromium-browser security update

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 03:20

Bugtraq: Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 03:20

Bugtraq: KonaKart Path Traversal Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 03:20

Bugtraq: Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 03:20
