|
Home | Forums | Gallery | Register | Video Directory | FAQ | Members List | Calendar | Games | Today's Posts | Search | Chat Room |
|
Thread Tools | Display Modes |
#1
|
||||
|
||||
SB18-155: Vulnerability Summary for the Week of May 28, 2018
SB18-155: Vulnerability Summary for the Week of May 28, 2018 06-04-2018 05:16 AM Original release date: June 04, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. * High Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top * Medium Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no medium vulnerabilities recorded this week.Back to top * Low Vulnerabilities Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top * Severity Not Yet Assigned
Primary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1000ch -- dwebp-bin *dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10633 MISCaerospike -- aerospike-client-nodejs *aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10558 MISCair-sdk -- air-sdk *air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10603 MISCairbrake -- node-airbrake *The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.2018-05-31not yet calculatedCVE-2016-10530 MISC MISCalexyoung -- jadedown *jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.2018-05-31not yet calculatedCVE-2016-10520 MISCandzdroid -- paypal-ipn *paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.2018-05-29not yet calculatedCVE-2014-10067 MISC MISCappgyver -- steroids *Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10581 MISCappium -- appium-chromedriver *appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10557 MISCapple -- safari *webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash.2018-06-01not yet calculatedCVE-2018-11646 MISC MISCappnitro -- machform *An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.2018-05-26not yet calculatedCVE-2018-6409 MISC EXPLOIT-DB MISCappnitro -- machform *An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.2018-05-26not yet calculatedCVE-2018-6410 MISC EXPLOIT-DB MISCappnitro -- machform *An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.2018-05-26not yet calculatedCVE-2018-6411 MISC EXPLOIT-DB MISCarian -- selenium-wrapper *selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10628 MISCarrayfire -- arrayfire-js *arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10598 MISCartifex -- ghostscript *psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.2018-06-01not yet calculatedCVE-2018-11645 MISC MISCartiomshapovalov -- tomita-parser *tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10666 MISCarve0 -- node-geoip-country *geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-05-29not yet calculatedCVE-2016-10568 MISCatob -- atob *atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.2018-05-29not yet calculatedCVE-2018-3745 MISCauth0 -- node-jsonwebtokenIn jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).2018-05-29not yet calculatedCVE-2015-9235 MISC MISC MISC MISCbarretts -- node-iedriver *iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10562 MISCbem-archive -- imageoptim *imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10596 MISCbionode -- bionode-sra *bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10613 MISCbitmain -- antminer_d3_and_l3+_and_s9_devices *Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.2018-05-31not yet calculatedCVE-2018-11220 EXPLOIT-DBbloodaxe -- npm-native-opencv native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10658 MISCbluesmoon -- node-geoip *adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.2018-05-29not yet calculatedCVE-2016-10680 MISCbmw -- multiple_vehiclesThe Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.2018-05-31not yet calculatedCVE-2018-9318 BID MISC MISCbmw -- multiple_vehicles *The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.2018-05-31not yet calculatedCVE-2018-9322 BID MISC MISCbmw -- multiple_vehicles *The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.2018-05-31not yet calculatedCVE-2018-9313 BID MISC MISCbmw -- multiple_vehicles *The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.2018-05-31not yet calculatedCVE-2018-9320 BID MISC MISCbmw -- multiple_vehicles *The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.2018-05-31not yet calculatedCVE-2018-9312 BID MISC MISCbmw -- multiple_vehicles *The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.2018-05-31not yet calculatedCVE-2018-9314 BID MISC MISCbmw -- multiple_vehicles *The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.2018-05-31not yet calculatedCVE-2018-9311 BID MISC MISCbroccoli -- broccoli *broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10635 MISCbrother -- hl-l2340d_and_hl-l2380dw_series_printers *Cross-site scripting (XSS) vulnerability on Brother HL-L2340D and HL-L2380DW series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.2018-06-01not yet calculatedCVE-2018-11581 MISCbulain -- grunt-webdriver-qunit *grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10606 MISCcaspervonb -- bitty *Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.2018-05-31not yet calculatedCVE-2016-10561 MISCclippercms -- clippercms *ClipperCMS 1.3.3 allows Session Fixation.2018-05-30not yet calculatedCVE-2018-11571 MISCclippercms -- clippercms *ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.2018-05-30not yet calculatedCVE-2018-11572 MISCcloudcmd -- console-io *console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.2018-05-31not yet calculatedCVE-2016-10532 MISCcmseasy -- cmseasy *An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.2018-06-02not yet calculatedCVE-2018-11679 MISC MISCcmseasy -- cmseasy *An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.2018-06-02not yet calculatedCVE-2018-11680 MISCcnpm -- node-operadriver *operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-31not yet calculatedCVE-2016-10565 MISCcobalt-cli -- cobalt-cli *cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.2018-06-01not yet calculatedCVE-2016-10597 MISCcodecanyon.net -- easyservice_billing *The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11443 MISC EXPLOIT-DBcodecanyon.net -- easyservice_billing *A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.2018-05-25not yet calculatedCVE-2018-11445 MISC EXPLOIT-DBcodecanyon.net -- easyservice_billing *A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.2018-05-25not yet calculatedCVE-2018-11444 MISC EXPLOIT-DBcodecanyon.net -- easyservice_billing *A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.2018-05-25not yet calculatedCVE-2018-11442 MISC EXPLOIT-DBcoderaiser -- node-restafary *restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified.2018-05-31not yet calculatedCVE-2016-10528 MISCconnected-web -- product-monitor *product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10567 MISCcreatiwity -- witycms *Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.2018-05-28not yet calculatedCVE-2018-11512 MISC MISC EXPLOIT-DBcscms -- cscms *An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save.2018-05-29not yet calculatedCVE-2018-11527 MISCdalekjs -- dalek-browser-chrome dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10604 MISCdalekjs -- dalek-browser-chrome-canary *dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10584 MISCdalekjs -- dalek-browser-ie *dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10605 MISCdalekjs -- dalek-browser-ie *dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10612 MISCdanielcardoso -- html-pages *The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.2018-05-29not yet calculatedCVE-2018-3744 MISC MISCdanielfm -- jshamcrestjshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.2018-05-31not yet calculatedCVE-2016-10521 MISCdataiku -- dataiku_dss *The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.2018-05-28not yet calculatedCVE-2018-10732 MISC MISCdavidmarkclements -- install-nw *install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10566 MISCdchem -- node-ibapi *ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-05-29not yet calculatedCVE-2016-10593 MISCdcodeio -- closurecompiler.js *closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10582 MISCddopson -- node-sauce-connect *sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10599 MISCdell_emc -- recoverpoint_and_recoverpoint_for_vms *Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.2018-05-29not yet calculatedCVE-2018-1241 FULLDISC BIDdell_emc -- recoverpoint_and_recoverpoint_for_vms *Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.2018-05-29not yet calculatedCVE-2018-1235 FULLDISC BIDdell_emc -- recoverpoint_and_recoverpoint_for_vms *Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.2018-05-29not yet calculatedCVE-2018-1242 FULLDISC BIDdelta_electronics -- automation_tpeditor *In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.2018-05-25not yet calculatedCVE-2018-8871 BID MISCdirtyhairy -- node-libxl *libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.2018-06-01not yet calculatedCVE-2016-10585 MISCdomainmod -- domainmod *DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.2018-05-30not yet calculatedCVE-2018-11559 MISCdomainmod -- domainmod *DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.2018-05-30not yet calculatedCVE-2018-11558 MISCdtao -- fancy-server *Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.2018-05-31not yet calculatedCVE-2014-10066 MISCdtsearch -- dtsearch *A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.2018-05-29not yet calculatedCVE-2018-11488 MISC MISC MISCdwyl -- hapi-auth-jwt2 *When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.2018-05-29not yet calculatedCVE-2016-10525 MISC MISC MISCelectron-userland -- electron-packager *electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 =6.0.0 |
Sponsored Links |
|