News aggregator

CVE-2018-6401

National Vulnerability Database - Wed, 05/02/2018 - 03:29
Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password.
Categories: Security News

Vuln: GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Wed, 05/02/2018 - 00:00
GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability

Vuln: PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Wed, 05/02/2018 - 00:00
PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability

Bugtraq: CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability

SecurityFocus Vulnerabilities - Tue, 05/01/2018 - 22:20
CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability

Bugtraq: [slackware-security] mozilla-firefox (SSA:2018-120-02)

SecurityFocus Vulnerabilities - Tue, 05/01/2018 - 22:20
[slackware-security] mozilla-firefox (SSA:2018-120-02)

Bugtraq: [slackware-security] libwmf (SSA:2018-120-01)

SecurityFocus Vulnerabilities - Tue, 05/01/2018 - 22:20
[slackware-security] libwmf (SSA:2018-120-01)

CVE-2018-6242

National Vulnerability Database - Tue, 05/01/2018 - 16:29
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code.

CVE-2016-10036

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.

CVE-2018-10255

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

CVE-2018-10256

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.

CVE-2018-10257

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

CVE-2018-10258

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

CVE-2018-10259

National Vulnerability Database - Tue, 05/01/2018 - 15:29
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

CVE-2018-10260

National Vulnerability Database - Tue, 05/01/2018 - 15:29
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

CVE-2013-0159

National Vulnerability Database - Tue, 05/01/2018 - 15:29
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

CVE-2013-0185

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.

CVE-2013-2049

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.

CVE-2013-4201

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.

CVE-2013-4209

National Vulnerability Database - Tue, 05/01/2018 - 15:29
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.

CVE-2013-4035

National Vulnerability Database - Tue, 05/01/2018 - 14:29
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138.
