jell.ie CVEs

Read at: 2018-04-27T03:39:54+01:00

CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Source: National Vulnerability Database | 26 Apr 2018 | 10:29 pm IST

CVE-2018-7527

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.

Source: National Vulnerability Database | 26 Apr 2018 | 9:29 pm IST

CVE-2018-3844

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.

Source: National Vulnerability Database | 26 Apr 2018 | 9:29 pm IST

CVE-2018-3845

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.

Source: National Vulnerability Database | 26 Apr 2018 | 9:29 pm IST

CVE-2018-3851

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution.

Source: National Vulnerability Database | 26 Apr 2018 | 9:29 pm IST

CVE-2018-3855

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.

Source: National Vulnerability Database | 26 Apr 2018 | 9:29 pm IST

CVE-2017-17543

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.

Source: National Vulnerability Database | 26 Apr 2018 | 9:29 pm IST

CVE-2017-14010

An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

Source: National Vulnerability Database | 26 Apr 2018 | 8:29 pm IST

CVE-2018-7465

An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.

Source: National Vulnerability Database | 26 Apr 2018 | 8:29 pm IST

CVE-2016-9602

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Source: National Vulnerability Database | 26 Apr 2018 | 8:29 pm IST

CVE-2018-10429

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 pm IST

CVE-2018-10430

An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 pm IST

CVE-2018-10431

D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 pm IST

CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 pm IST

CVE-2017-15691

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 pm IST

CVE-2018-1074

ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 pm IST

CVE-2018-8072

An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.

Source: National Vulnerability Database | 26 Apr 2018 | 4:29 pm IST

CVE-2017-9275

NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack.

Source: National Vulnerability Database | 26 Apr 2018 | 4:29 pm IST

CVE-2017-9284

IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.

Source: National Vulnerability Database | 26 Apr 2018 | 4:29 pm IST

CVE-2017-1723

IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

Source: National Vulnerability Database | 26 Apr 2018 | 3:29 pm IST

CVE-2017-1722

IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.

Source: National Vulnerability Database | 26 Apr 2018 | 3:29 pm IST

CVE-2017-1721

IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.

Source: National Vulnerability Database | 26 Apr 2018 | 3:29 pm IST

CVE-2018-1418

IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.

Source: National Vulnerability Database | 26 Apr 2018 | 3:29 pm IST

CVE-2018-6518

Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.

Source: National Vulnerability Database | 26 Apr 2018 | 3:29 pm IST

CVE-2017-14740

Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.

Source: National Vulnerability Database | 26 Apr 2018 | 3:29 pm IST

CVE-2017-1724

IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134814.

Source: National Vulnerability Database | 26 Apr 2018 | 3:29 pm IST

CVE-2018-10425

An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered.

Source: National Vulnerability Database | 26 Apr 2018 | 8:29 am IST

CVE-2018-9113

Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line.

Source: National Vulnerability Database | 26 Apr 2018 | 7:29 am IST

CVE-2018-8974

Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line.

Source: National Vulnerability Database | 26 Apr 2018 | 7:29 am IST

CVE-2018-10393

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 am IST

CVE-2018-10424

mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 am IST

CVE-2018-10392

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 am IST

CVE-2018-10391

An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 am IST

CVE-2018-10423

mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 am IST

CVE-2018-10422

An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.

Source: National Vulnerability Database | 26 Apr 2018 | 6:29 am IST

CVE-2018-10381

TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.

Source: National Vulnerability Database | 26 Apr 2018 | 1:29 am IST

CVE-2018-8837

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.

Source: National Vulnerability Database | 26 Apr 2018 | 12:29 am IST

CVE-2018-8833

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

Source: National Vulnerability Database | 26 Apr 2018 | 12:29 am IST

CVE-2018-8835

Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

Source: National Vulnerability Database | 26 Apr 2018 | 12:29 am IST

CVE-2018-1338

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 pm IST

CVE-2018-1335

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 pm IST

CVE-2018-1339

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 pm IST

CVE-2018-5226

There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 pm IST

CVE-2017-6888

An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 pm IST

CVE-2018-5486

NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 pm IST

CVE-2014-0882

Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.

Source: National Vulnerability Database | 25 Apr 2018 | 9:29 pm IST

CVE-2018-8716

WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.

Source: National Vulnerability Database | 25 Apr 2018 | 9:29 pm IST

CVE-2018-9103

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

Source: National Vulnerability Database | 25 Apr 2018 | 9:29 pm IST

CVE-2018-9102

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.

Source: National Vulnerability Database | 25 Apr 2018 | 9:29 pm IST

CVE-2014-0881

The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.

Source: National Vulnerability Database | 25 Apr 2018 | 9:29 pm IST

CVE-2018-9101

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

Source: National Vulnerability Database | 25 Apr 2018 | 9:29 pm IST

CVE-2014-0872

The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.

Source: National Vulnerability Database | 25 Apr 2018 | 9:29 pm IST

CVE-2018-9104

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

Source: National Vulnerability Database | 25 Apr 2018 | 9:29 pm IST

CVE-2018-10206

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request.

Source: National Vulnerability Database | 25 Apr 2018 | 7:29 pm IST

CVE-2018-10213

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it.

Source: National Vulnerability Database | 25 Apr 2018 | 7:29 pm IST

CVE-2018-10207

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.

Source: National Vulnerability Database | 25 Apr 2018 | 7:29 pm IST

CVE-2018-10211

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.

Source: National Vulnerability Database | 25 Apr 2018 | 7:29 pm IST

CVE-2018-10209

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name.

Source: National Vulnerability Database | 25 Apr 2018 | 7:29 pm IST

CVE-2018-10210

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.

Source: National Vulnerability Database | 25 Apr 2018 | 7:29 pm IST

CVE-2018-10212

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.

Source: National Vulnerability Database | 25 Apr 2018 | 7:29 pm IST

CVE-2018-10208

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI.

Source: National Vulnerability Database | 25 Apr 2018 | 7:29 pm IST

CVE-2014-5014

The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.

Source: National Vulnerability Database | 25 Apr 2018 | 6:29 pm IST

CVE-2018-1363

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448.

Source: National Vulnerability Database | 25 Apr 2018 | 2:29 pm IST

CVE-2017-12714

Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Source: National Vulnerability Database | 25 Apr 2018 | 2:29 pm IST

CVE-2017-12712

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Source: National Vulnerability Database | 25 Apr 2018 | 2:29 pm IST

CVE-2017-12716

Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Source: National Vulnerability Database | 25 Apr 2018 | 2:29 pm IST

CVE-2017-7652

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.

Source: National Vulnerability Database | 25 Apr 2018 | 2:29 pm IST

CVE-2017-1750

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.

Source: National Vulnerability Database | 25 Apr 2018 | 2:29 pm IST

CVE-2018-1112

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.

Source: National Vulnerability Database | 25 Apr 2018 | 1:29 pm IST

CVE-2018-10372

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10366

An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10368

An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10310

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10376

An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10367

An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10373

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10374

EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10375

A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-8801

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.

Source: National Vulnerability Database | 25 Apr 2018 | 10:29 am IST

CVE-2018-10362

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers.

Source: National Vulnerability Database | 25 Apr 2018 | 6:29 am IST

CVE-2018-10361

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.

Source: National Vulnerability Database | 25 Apr 2018 | 6:29 am IST

CVE-2013-7245

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.

Source: National Vulnerability Database | 24 Apr 2018 | 9:29 pm IST

CVE-2017-17557

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.

Source: National Vulnerability Database | 24 Apr 2018 | 9:29 pm IST

CVE-2013-3947

Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.

Source: National Vulnerability Database | 24 Apr 2018 | 9:29 pm IST

CVE-2017-2923

An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2918

An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2908

An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2907

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2906

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2905

An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2904

An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2903

An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2902

An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2901

An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2924

An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2804

A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2885

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2835

An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

CVE-2017-2900

An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.

Source: National Vulnerability Database | 24 Apr 2018 | 8:29 pm IST

count: 100