News aggregator

CVE-2018-9021

National Vulnerability Database - Mon, 06/18/2018 - 14:29
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
Categories: Security News

CVE-2018-9022

National Vulnerability Database - Mon, 06/18/2018 - 14:29
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
Categories: Security News

CVE-2018-9023

National Vulnerability Database - Mon, 06/18/2018 - 14:29
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
Categories: Security News

CVE-2018-9024

National Vulnerability Database - Mon, 06/18/2018 - 14:29
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.
Categories: Security News

CVE-2018-9025

National Vulnerability Database - Mon, 06/18/2018 - 14:29
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.
Categories: Security News

CVE-2018-9026

National Vulnerability Database - Mon, 06/18/2018 - 14:29
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.
Categories: Security News

CVE-2018-9027

National Vulnerability Database - Mon, 06/18/2018 - 14:29
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
Categories: Security News

CVE-2018-9028

National Vulnerability Database - Mon, 06/18/2018 - 14:29
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
Categories: Security News

CVE-2018-9029

National Vulnerability Database - Mon, 06/18/2018 - 14:29
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
Categories: Security News

CVE-2018-1060

National Vulnerability Database - Mon, 06/18/2018 - 10:29
Python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
Categories: Security News

CVE-2018-1090

National Vulnerability Database - Mon, 06/18/2018 - 10:29
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
Categories: Security News

CVE-2018-1152

National Vulnerability Database - Mon, 06/18/2018 - 10:29
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
Categories: Security News

CVE-2018-1153

National Vulnerability Database - Mon, 06/18/2018 - 10:29
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
Categories: Security News

CVE-2018-12530

National Vulnerability Database - Mon, 06/18/2018 - 10:29
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
Categories: Security News

CVE-2018-12531

National Vulnerability Database - Mon, 06/18/2018 - 10:29
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
Categories: Security News

CVE-2018-12534

National Vulnerability Database - Mon, 06/18/2018 - 10:29
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.
Categories: Security News

CVE-2018-12532

National Vulnerability Database - Mon, 06/18/2018 - 08:29
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
Categories: Security News

CVE-2018-12533

National Vulnerability Database - Mon, 06/18/2018 - 08:29
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
Categories: Security News

CVE-2018-12522

National Vulnerability Database - Mon, 06/18/2018 - 07:29
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
Categories: Security News

CVE-2018-12523

National Vulnerability Database - Mon, 06/18/2018 - 07:29
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
Categories: Security News
