News aggregator

CVE-2018-16162

National Vulnerability Database - Thu, 11/15/2018 - 10:29
OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors.
Categories: Security News

CVE-2018-16163

National Vulnerability Database - Thu, 11/15/2018 - 10:29
OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors.
Categories: Security News

CVE-2018-0673

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
Categories: Security News

CVE-2018-0679

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.
Categories: Security News

CVE-2018-0680

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration.
Categories: Security News

CVE-2018-0681

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration.
Categories: Security News

CVE-2018-0682

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors.
Categories: Security News

CVE-2018-0683

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data.
Categories: Security News

CVE-2018-0684

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format data.
Categories: Security News

CVE-2018-0685

National Vulnerability Database - Thu, 11/15/2018 - 10:29
SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.
Categories: Security News

CVE-2018-0686

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors.
Categories: Security News

CVE-2018-0687

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Categories: Security News

CVE-2018-0690

National Vulnerability Database - Thu, 11/15/2018 - 10:29
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.
Categories: Security News

CVE-2018-0691

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Categories: Security News

CVE-2018-0692

National Vulnerability Database - Thu, 11/15/2018 - 10:29
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: Security News

CVE-2018-12480

National Vulnerability Database - Thu, 11/15/2018 - 08:29
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
Categories: Security News

CVE-2015-9274

National Vulnerability Database - Thu, 11/15/2018 - 01:29
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
Categories: Security News

CVE-2018-19286

National Vulnerability Database - Thu, 11/15/2018 - 01:29
The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note.
Categories: Security News

CVE-2018-19287

National Vulnerability Database - Thu, 11/15/2018 - 01:29
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
Categories: Security News

CVE-2018-19288

National Vulnerability Database - Thu, 11/15/2018 - 01:29
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
Categories: Security News

Pages