Posted by The Patriot on 07-05-2018, 09:41 AM

SB18-183: Vulnerability Summary for the Week of June 25, 2018

07-02-2018 04:34 AM

Original release date: July 02, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

389-ds-base -- 389-ds-base
Description: 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
Published: 2018-06-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2668, BID, REDHAT, REDHAT, CONFIRM, CONFIRM

aaugustin/websockets -- aaugustin/websockets
Description: aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appears to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000518, MISC

adm -- asustor_nas_devices
Description: ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
Published: 2018-06-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11510, MISC, MISC

aef -- advanced_electron_forum
Description: An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges.
Published: 2018-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-13000, MISC

aio-libs/aiohttp-session -- aio-libs/aiohttp-session
Description: aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-...storage.py#L42) that can result in Session Hijacking. This attack appears to be exploitable via Any method that allows setting session cookies (?session=, or meta tags or script tags with Set-Cookie).
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000519, MISC, MISC

all_nippon_airways -- ana_app_for_ios
Description: The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0611, JVN, MISC

allen-bradley -- l30erms_safety_devices
Description: Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9312, BID, MISC

apache -- cassandra
Description: The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
Published: 2018-06-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8016, MISC

apache -- hbase
Description: CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-8025, BID, MISC

apache -- pluto
Description: The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1306, MISC

arm -- mbedtls
Description: ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be. This attack appears to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000520, MISC

atlassian -- fisheye_and_crucible
Description: The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
Published: 2018-06-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16859, BID, CONFIRM, CONFIRM

axis_communications -- ip_cameras
Description: An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10662, MISC, CONFIRM, CONFIRM

axis_communications -- ip_cameras
Description: There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10659, MISC, CONFIRM, CONFIRM

axis_communications -- ip_cameras
Description: An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10663, MISC, CONFIRM, CONFIRM

axis_communications -- ip_cameras
Description: An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10664, MISC, CONFIRM, CONFIRM

axis_communications -- ip_cameras
Description: An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10661, MISC, CONFIRM, CONFIRM

axis_communications -- ip_cameras
Description: An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10660, MISC, CONFIRM, CONFIRM

axis_communications -- ip_cameras
Description: There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10658, MISC, CONFIRM, CONFIRM

axpdfium -- axpdfium
Description: Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0601, JVN, MISC

baseon_latronix -- mss_devices
Description: Baseon Lantronix MSS devices do not require a password for TELNET access.
Published: 2018-06-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12925, MISC

basercms -- basercms
Description: baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0572, JVN, MISC

basercms -- basercms
Description: Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0570, JVN, MISC

basercms -- basercms
Description: Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0574, JVN, MISC

basercms -- basercms
Description: baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0571, JVN, MISC

basercms -- basercms
Description: baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0575, JVN, MISC

basercms -- basercms
Description: baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0573, JVN, MISC

basercms -- basercms
Description: baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0569, JVN, MISC

beckoff -- twincat_3
Description: Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16718, MISC

beckoff -- twincat
Description: Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16726, MISC

bigtree-cms -- bigtree-cms
Description: BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users. This attack appears to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000521, MISC

busybox -- busybox
Description: Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000500, MISC, MISC

busybox -- busybox
Description: BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000517, MISC

bws_systems -- ha-bridge
Description: BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.
Published: 2018-06-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12923, MISC

centreon -- centreon
Description: Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11588, CONFIRM, CONFIRM, CONFIRM, CONFIRM

centreon -- centreon
Description: Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11589, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

centreon -- centreon
Description: There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11587, CONFIRM, CONFIRM, CONFIRM

civetweb -- civetweb
Description: Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
Published: 2018-06-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12684, MISC, MISC

cloud_foundry -- cloud_foundry
Description: Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11041, CONFIRM

cloudwu/pbc -- cloudwu/pbc
Description: In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12915, MISC

cloudwu/pbc -- cloudwu/pbc
Description: In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12917, MISC

cloudwu/pbc -- cloudwu/pbc
Description: In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12916, MISC

cloudwu/pbc -- cloudwu/pbc
Description: In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12918, MISC

cnn-lite -- cnn-lite
Description: An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12889, MISC

codecanyon -- brynamics_online_trade
Description: Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12908, MISC

corebos -- corebos
Description: coreBOS version 7.0 and earlier contains an Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000547, MISC

craftedweb -- craftedweb
Description: In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12919, MISC

cyberark -- endpoint_privilege_manager
Description: In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12903, MISC

cybozu -- mailwise
Description: Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0559, JVN, CONFIRM

cybozu -- mailwise
Description: Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0558, JVN, CONFIRM

cybozu -- mailwise
Description: Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0557, JVN, CONFIRM

cybozu -- office
Description: Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0529, JVN, CONFIRM

cybozu -- office
Description: Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0527, JVN, CONFIRM

cybozu -- office
Description: Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0565, JVN, CONFIRM

cybozu -- office
Description: Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0566, JVN, CONFIRM

cybozu -- office
Description: Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0567, JVN, CONFIRM

cybozu -- office
Description: Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0528, JVN, CONFIRM

cybozu -- office
Description: Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to display an image located in an external server via unspecified vectors.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-0526, JVN, CONFIRM

dell -- emc_idrac_service_module
Description: Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11053, MISC, BID

delta_electronics -- delta_industrial_automation_commgr
Description: Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-10594, BID, MISC

denx -- u-boot
Description: U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appears to be exploitable via Specially crafted FIT image and special device memory functionality.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-1000205, MISC, MISC

digisol -- dg-br4000ng_devices
Description: DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
Published: 2018-06-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12706, MISC, EXPLOIT-DB

digisol -- dg-br4000ng_devices
Description: DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
Published: 2018-06-24
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12705, MISC, EXPLOIT-DB

easycms -- easycms
Description: EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
Published: 2018-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12971, MISC

eclipse -- jetty_server
Description: In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.
Published: 2018-06-27
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12536, SECTRACK, CONFIRM

eclipse -- jetty
Description: In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
Published: 2018-06-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12538, SECTRACK, CONFIRM

eclipse -- jetty
Description: In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7657, SECTRACK, CONFIRM

eclipse -- jetty_server
Description: In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7658, SECTRACK, CONFIRM

eclipse -- jetty
Description: In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
Published: 2018-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7656, SECTRACK, CONFIRM

electro_industries/gaugetech -- nexus_devices
Description: Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.
Published: 2018-06-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12921, MISC

emerson_liebert -- intellislot_web_card_devices
Description: Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.
Published: 2018-06-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12922, MISC

ethereum -- bitasean_token
Description: The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12084, MISC

ethereum -- block_18
Description: The approveAndCallcode function of a smart contract implementation for Block 18 (18T), a tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability."
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12703, MISC, MISC

ethereum -- fujinto_token
Description: The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12082, MISC

ethereum -- globalvillage_ecosystem_token
Description: The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability."
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12702, MISC, MISC

ethereum -- goal_bonanza_token
Description: The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12083, MISC

ethereum -- gold_reward_token
Description: The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-11446, MISC

ethereum -- internet_node_token
Description: The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12080, MISC

ethereum -- internet_node_token
Description: The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12063, MISC

ethereum -- polyai_token
Description: The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12078, MISC

ethereum -- sec_token
Description: The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12070, MISC

ethereum -- substratum_token
Description: The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12067, MISC

ethereum -- substraum_token
Description: The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12079, MISC

ethereum -- swftcoin_token
Description: The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12062, MISC

ethereum -- target_coin_token
Description: The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12081, MISC

ethereum -- target_coin_token
Description: The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue.
Published: 2018-06-25
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-12068, MISC

exempi -- exempi
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
2018-06-22 | not yet calculated | CVE-2018-12648 | MISC

f5 -- big-ip
On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion.
2018-06-27 | not yet calculated | CVE-2018-5527 | SECTRACK, CONFIRM

f5 -- big-ip
Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7.
2018-06-27 | not yet calculated | CVE-2018-5528 | SECTRACK, CONFIRM

flir -- brickstream_2300_devices
Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI.
2018-06-28 | not yet calculated | CVE-2018-12920 | MISC

fortinet -- fortimanager
An improper access control vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows a regular user to edit the avatar picture of other users with arbitrary content.
2018-06-27 | not yet calculated | CVE-2018-1354 | BID, SECTRACK, SECTRACK, CONFIRM

fortinet -- fortimanager
An open redirect vulnerability in Fortinet FortiManager 6.0.0 and below versions, FortiAnalyzer 6.0.0 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
2018-06-27 | not yet calculated | CVE-2018-1355 | BID, SECTRACK, SECTRACK, CONFIRM

fortinet -- fortimanager
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log.
2018-06-28 | not yet calculated | CVE-2018-1351 | BID, SECTRACK, CONFIRM

froxlor -- froxlor
Froxlor version Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appears to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.
2018-06-26 | not yet calculated | CVE-2018-1000502 | MISC, MISC

netapp -- oncommand_unified_manager_for_7-mode
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
2018-06-22 | not yet calculated | CVE-2017-7568 | BID, CONFIRM

northern_electric_and_power -- inverter_devices
Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.
2018-06-28 | not yet calculated | CVE-2018-12927 | MISC

nov/json-jwt -- nov/json-jwt
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.
2018-06-26 | not yet calculated | CVE-2018-1000539 | MISC

nsmaomao/mao10cms -- nsmaomao/mao10cms
mao10cms 6 allows XSS via the m=bbs&a=index page.
2018-06-23 | not yet calculated | CVE-2018-12695 | MISC

nsmaomao/mao10cms -- nsmaomao/mao10cms
mao10cms 6 allows XSS via the article page.
2018-06-23 | not yet calculated | CVE-2018-12696 | MISC

ntt-cert -- flets_virus_clear
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2018-06-26 | not yet calculated | CVE-2018-0563 | JVN, MISC, MISC

nucom -- wr644gacv_devices
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.
2018-06-25 | not yet calculated | CVE-2018-8755 | MISC

ocs_inventory_ng -- ocs_inventory_ng
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appears to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1.
2018-06-26 | not yet calculated | CVE-2018-1000558 | MISC, MISC

ocs_inventory_ng -- ocs_inventory_ng
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appears to be exploitable via Victim must open a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1.
2018-06-26 | not yet calculated | CVE-2018-1000557 | MISC, MISC

octopus -- deploy
In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
2018-06-26 | not yet calculated | CVE-2018-12884 | MISC

onefilecms -- onefilecms
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.
2018-06-29 | not yet calculated | CVE-2018-12995 | MISC

onefilecms -- onefilecms
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields.
2018-06-29 | not yet calculated | CVE-2018-12993 | MISC

onefilecms -- onefilecms
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.
2018-06-29 | not yet calculated | CVE-2018-12994 | MISC

openpsa -- openpsa
Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appears to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26.
2018-06-26 | not yet calculated | CVE-2018-1000526 | MISC, MISC

openpsa -- openpsa
openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appears to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0.
2018-06-26 | not yet calculated | CVE-2018-1000525 | MISC, MISC

openslp -- openslp
slpd_process.c in OpenSLP 2.0.0 has a double free resulting in denial of service (daemon crash) or possibly unauthenticated remote code execution.
2018-06-28 | not yet calculated | CVE-2018-12938 | BID, BID, MISC

opentsdb -- opentsdb
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.
2018-06-29 | not yet calculated | CVE-2018-12973 | MISC

opentsdb -- opentsdb
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.
2018-06-29 | not yet calculated | CVE-2018-12972 | MISC

opentsdb -- opentsdb
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.
2018-06-29 | not yet calculated | CVE-2018-13003 | MISC

oswetto/loboevolution -- oswetto/loboevolution
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appears to be exploitable via Specially crafted XML file.
2018-06-26 | not yet calculated | CVE-2018-1000540 | MISC

ovirt -- engine
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
2018-06-26 | not yet calculated | CVE-2018-1072 | REDHAT, CONFIRM

owen -- 5000_trillion_yen_converter_chrome_extension
Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2018-06-26 | not yet calculated | CVE-2018-0612 | JVN, MISC

perl -- perl
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
2018-06-29 | not yet calculated | CVE-2018-10860 | CONFIRM

pharos_controls -- pharos_controls_devices
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.
2018-06-28 | not yet calculated | CVE-2018-12926 | MISC

php -- php
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
2018-06-25 | not yet calculated | CVE-2018-12882 | BID, CONFIRM

phpldapadmin -- phpldapadmin
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
2018-06-22 | not yet calculated | CVE-2018-12689 | EXPLOIT-DB

pivotal -- operations_manager
Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager.
2018-06-25 | not yet calculated | CVE-2018-11046 | BID, CONFIRM

pivotal -- spring
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
2018-06-25 | not yet calculated | CVE-2018-11040 | CONFIRM

pivotal -- spring
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
2018-06-25 | not yet calculated | CVE-2018-11039 | CONFIRM

pixar -- renderman
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.
2018-06-26 | not yet calculated | CVE-2018-3840 | MISC

pixar -- renderman
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.
2018-06-26 | not yet calculated | CVE-2018-3841 | MISC

pixelpost -- pixelpost
Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2018-06-26 | not yet calculated | CVE-2018-0605 | JVN

pixelpost -- pixelpost
SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
2018-06-26 | not yet calculated | CVE-2018-0606 | JVN

pixelpost -- pixelpost
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.
2018-06-26 | not yet calculated | CVE-2018-0604 | JVN

podofo -- podofo
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.
2018-06-29 | not yet calculated | CVE-2018-12983 | MISC

podofo -- podofo
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
2018-06-29 | not yet calculated | CVE-2018-12982 | MISC

polaris -- office
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
2018-06-28 | not yet calculated | CVE-2018-12589 | MISC

portainer -- portainer
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
2018-06-22 | not yet calculated | CVE-2018-12678 | CONFIRM, CONFIRM

qutebrowser -- qutebrowser
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appears to be exploitable via the victim must open a page with a specially crafted attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).
2018-06-26 | not yet calculated | CVE-2018-1000559 | MISC, MISC, MISC

raydac/netbeans-mmd-plugin -- raydac/netbeans-mmd-plugin
netbeans-mmd-plugin version cbBitsSrc value.
2018-06-28 | not yet calculated | CVE-2018-12932 | MISC, MISC, MISC, MISC, MISC

wine -- wine
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.
2018-06-28 | not yet calculated | CVE-2018-12933 | MISC, MISC, MISC, MISC, MISC

wordpress -- wordpress
WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appears to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24.
2018-06-26 | not yet calculated | CVE-2018-1000510 | MISC

wordpress -- wordpress
Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appears to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.
2018-06-26 | not yet calculated | CVE-2018-1000512 | MISC

wordpress -- wordpress
Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appears to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9.
2018-06-26 | not yet calculated | CVE-2018-1000506 | MISC

wordpress -- wordpress
Tooltipy (tooltips for WP) version 5 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appears to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.
2018-06-26 | not yet calculated | CVE-2018-1000505 | MISC

wordpress -- wordpress
Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appears to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.
2018-06-26 | not yet calculated | CVE-2018-1000504 | MISC

wordpress -- wordpress
WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appears to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2.
2018-06-26 | not yet calculated | CVE-2018-1000508 | MISC

wordpress -- wordpress
WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appears to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1.
2018-06-26 | not yet calculated | CVE-2018-1000507 | MISC

wordpress -- wordpress
WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appears to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2.
2018-06-26 | not yet calculated | CVE-2018-1000511 | MISC

wordpress -- wordpress
Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appears to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.
2018-06-26 | not yet calculated | CVE-2018-1000509 | MISC

wordpress -- wordpress
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appears to be exploitable via an attacker must craft an URL with payload and send to the user. Victim needs to open the link to be affected by reflected XSS.
2018-06-26 | not yet calculated | CVE-2018-1000556 | MISC

wordpress -- wordpress
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.
2018-06-26 | not yet calculated | CVE-2018-12895 | BID, MISC

wordpress -- wordpress
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
2018-06-22 | not yet calculated | CVE-2018-12636 | CONFIRM, EXPLOIT-DB

wordpress -- wordpress
Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2018-06-26 | not yet calculated | CVE-2018-0602 | JVN, MISC

wordpress -- wordpress
Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2018-06-26 | not yet calculated | CVE-2018-0603 | JVN, MISC, MISC

wordpress -- wordpress
In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site.
2018-06-26 | not yet calculated | CVE-2018-12902 | MISC

wstmall -- wstmall
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.
2018-06-29 | not yet calculated | CVE-2018-13010 | MISC

yaml/pyyaml -- yaml/pyyaml
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
2018-06-27 | not yet calculated | CVE-2017-18342 | MISC, MISC

yxcms -- yxcms
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.
2018-06-29 | not yet calculated | CVE-2018-13025 | MISC

zenphoto -- zenphoto
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.
2018-06-26 | not yet calculated | CVE-2018-0610 | JVN, MISC

zoho -- manageengine
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13780) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
2018-06-29 | not yet calculated | CVE-2018-12996 | MISC

zoho -- manageengine
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.
2018-06-29 | not yet calculated | CVE-2018-12997 | MISC

zoho -- manageengine
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
2018-06-29 | not yet calculated | CVE-2018-12998 | MISC

zoho -- manageengine
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.
2018-06-29 | not yet calculated | CVE-2018-12999
This product is provided subject to this Notification and this Privacy & Use policy.