
3844 matches found

Positive Technologies
added 2018/04/24 12:0 a.m. | 5 views

PT-2018-9820 · Wuzhi · Wuzhi Cms

Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: The issue allows for persistent XSS via the form%5Bqq 10%5D parameter to the "/index.php?m=member&f=index&v=profile&set iframe=1" URI. This enables potential attackers to inject malicious scripts into the...

CVSS 5.4 | AI score 5 | EPSS 0.02237
Exploits: 5 | References: 5

Japan Vulnerability Notes
added 2018/01/19 5:19 a.m. | 3 views

GroupSession vulnerable to open redirect

Overview GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability CWE-601. Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

CVSS 6.1 | AI score 6.7 | EPSS 0.00784
Exploits: 0 | References: 5

Symantec
added 2018/01/09 12:0 a.m. | 55 views

Microsoft ASP.NET Core CVE-2018-0784 Remote Privilege Escalation Vulnerability

Description Microsoft ASP.NET Core is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft ASP.NET Microsoft ASP.NET Core 2.0 Microsoft Windows 10 version 1703 for 32-bit Systems Recommendations Block...

CVSS 6.8 | AI score 8.1 | EPSS 0.06496
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2017/11/17 12:0 a.m. | 4 views

PT-2017-14609

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.7.1 Description An issue was discovered in the parsing of numeric header fields in a SIP message, such as cseq, ttl, and port. This could lead to a buffer overflow, causing unintended values to be captured or a buffer...

CVSS 9.8 | AI score 7.2 | EPSS 0.0462
Exploits: 4 | References: 26

Positive Technologies
added 2017/08/10 12:0 a.m. | 2 views

PT-2017-2800

Name of the Vulnerable Software and Affected Versions Subversion versions prior to 1.8.19 Subversion versions 1.9.x prior to 1.9.7 Subversion versions 1.10.0.x through 1.10.0-alpha3 git-annex versions prior to 6.20170818 Description A maliciously constructed URL could cause Subversion clients to...

CVSS 10 | AI score 7.8 | EPSS 0.77823
Exploits: 13 | References: 135

CISA
added 2017/08/08 12:0 a.m. | 10 views

FTC Releases Alert on Government Grant Scams

The Federal Trade Commission FTC has released an alert on government grant scams. In these schemes, scammers pose as government officials to get consumers to send them money. Anytime someone asks you to pay money to get money, stop and think twice. US-CERT encourages consumers to refer to the FTC...

AI score 6.9
Exploits: 0 | References: 2

UbuntuCve
added 2017/07/27 6:29 a.m. | 2 views

CVE-2017-9411

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-9100. Reason: This candidate is a duplicate of CVE-2015-9100. Notes: All CVE users should reference CVE-2015-9100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

AI score 6.8
Exploits: 3 | References: 3

Symantec
added 2017/05/09 12:0 a.m. | 29 views

Microsoft Edge CVE-2017-0241 Remote Privilege Escalation Vulnerability

Description Microsoft Edge is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Edge Recommendations Block external access at the network boundary, unless external parties require service. Filter...

CVSS 5.4 | AI score 6.8 | EPSS 0.02869
Exploits: 0

Exploit DB
added 2017/04/22 12:0 a.m. | 82 views

Linux/x86 - Egg-hunter Shellcode (18 bytes)

Linux/x86 - Egg-hunter Shellcode 18 bytes. Shellcode exploit for Linx86 platform // Description: a 18 bytes egg hunter on contigous memory segments // // You are free to do whatever you want of this shellcode // // @phacktul / global start section .text start: mov eax, start ; we set a valid .tex...

AI score 7.4
Exploits: 0

Positive Technologies
added 2017/04/05 12:0 a.m. | 7 views

PT-2017-4061

Name of the Vulnerable Software and Affected Versions jackson-databind versions prior to 2.6.7.1 jackson-databind versions prior to 2.7.9.1 jackson-databind versions prior to 2.8.9 jackson-databind versions 2.0.0 through 2.9.5 Description A deserialization flaw in the jackson-databind library is...

CVSS 9.8 | AI score 9.1 | EPSS 0.49727
Exploits: 7 | References: 170

Symantec
added 2017/03/14 12:0 a.m. | 41 views

Microsoft Edge CVE-2017-0140 Security Bypass Vulnerability

Description Microsoft Edge is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected Microsoft Edge Recommendations Block external acces...

CVSS 4 | AI score 4.5 | EPSS 0.28545
Exploits: 3

Symantec
added 2017/03/14 12:0 a.m. | 32 views

Microsoft Edge CVE-2017-0017 Information Disclosure Vulnerability

Description Microsoft Edge is prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks...

CVSS 4.3 | AI score 0.1 | EPSS 0.41952
Exploits: 0

Tenable Nessus
added 2016/05/23 12:0 a.m. | 56 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3566)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3566 advisory. - net: add validation for the socket syscall protocol argument Hannes Frederic Sowa Orabug: 23267976 CVE-2015-8543 CVE-2015-8543 - ipv6: addrconf:...

CVSS 7 | AI score 6.6 | EPSS 0.03693
Exploits: 0 | References: 5

ATTACKERKB
added 2016/02/26 5:59 a.m. | 2 views

CVE-2016-7575

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7575. Reason: This candidate is a duplicate of CVE-2015-7575. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-7575 instead of this candidate. All references and descriptions in this...

CVSS 5.9 | AI score 6.4 | EPSS 0.0288
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2015/12/25 5:45 a.m. | 1 views

CG-WLNCM4G may behave as an open resolver

Overview CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS 5.8 | AI score 6.5 | EPSS 0.01599
Exploits: 0 | References: 5

Positive Technologies
added 2015/10/23 12:0 a.m. | 7 views

PT-2015-2751

Name of the Vulnerable Software and Affected Versions libxml2 version 2.9.2 Description The issue is caused by improper handling of invalid input, allowing context-dependent attackers to cause a denial of service via crafted XML data. This can lead to an out-of-bounds read and a crash in libxml2...

CVSS 10 | AI score 7.2 | EPSS 0.51733
Exploits: 36 | References: 128

Symantec
added 2015/06/09 12:0 a.m. | 38 views

Microsoft Internet Explorer CVE-2015-1747 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

CVSS 9.3 | AI score 0.2 | EPSS 0.23758
Exploits: 0 | Affected Software: 8

Oracle linux
added 2015/03/30 12:0 a.m. | 52 views

libxml2 security update

2.9.1-5.0.1.el71.2 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball 2.9.1-5.2 - Fix missing entities after CVE-2014-3660 fix - CVE-2014-0191 Do not fetch external parameter entities rhbz1195649 - Fix regressions introduced by CVE-2014-0191 patch...

CVSS 5 | AI score 1.4 | EPSS 0.081
Exploits: 2

Positive Technologies
added 2015/02/02 12:0 a.m. | 5 views

PT-2015-5258 · Blubrry · Blubrry Powerpress Podcasting Plugin

Name of the Vulnerable Software and Affected Versions: Blubrry PowerPress Podcasting plugin versions prior to 6.0.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a "powerpress-editcategoryfeed" action in the "powerpressadmin...

CVSS 4.3 | AI score 5.4 | EPSS 0.02237
Exploits: 3 | References: 8

Tenable Nessus
added 2014/12/15 12:0 a.m. | 38 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3103)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3103 advisory. - ALSA: control: Protect user controls against concurrent access Lars-Peter Clausen Orabug: 20192540 CVE-2014-4652 - target/rd: Refactor...

CVSS 6.9 | AI score 6.9 | EPSS 0.0585
Exploits: 2 | References: 8