PT-2018-23: Remote Code Execution in PRTG Network Monitor
The specialists of the Positive Research center have detected a Remote Code Execution vulnerability in PRTG Network Monitor. The vulnerability, due to improper handling of user input in the POST parameter 'proxyport', allows remote authenticated attackers with read-write privileges to execute an...
JVN#67881316: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community is an open source content management system. baserCMS contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-0569 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVS...
WordPress Charitable plugin <= 1.5.13 - Unauthorized Access vulnerability leading to Sensitive Information Disclosure
Unauthorized Access vulnerability leading to Sensitive Information Disclosure discovered in WordPress Charitable plugin versions <= 1.5.13. Solution: Update the WordPress Charitable plugin to the latest available version (at least 1.5.14)...
Path Traversal
Overview: Versions of glance before 3.0.4 are vulnerable to path traversal allowing a remote attacker to read arbitrary files from the server using glance. Recommendation: Update to version 3.0.4 or later. References: GitHub Commit 8cfd88e, HackerOne Report, GitHub Advisory...
DLA-1361-1 psensor - security update
Bulletin has no description...
DSA-4179-1 linux-tools - security update
Bulletin has no description...
DSA-4176-1 mysql-5.5 - security update
Bulletin has no description...
JVN#65268217: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. SQL injection in the application "Address" CWE-89 - CVE-2018-0530 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N| Base Score: 6.5 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N|...
DLA-1283-2 python-crypto - security update
Bulletin has no description...
DSA-4164-1 apache2 - security update
Bulletin has no description...
Safari vulnerable to script injection
Overview: Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is...
JVN#72589538: LXR vulnerable to OS command injection
LXR provided by LXR Project contains an OS command injection vulnerability CWE-78. Impact: On a server where the product is running, a remote attacker may execute an arbitrary OS command. Solution: Update the Software. Update to the latest version according to the information provided by the...
DSA-4151-1 librelp - security update
Bulletin has no description...
DLA-1318-1 irssi - security update
Bulletin has no description...
DSA-4146-1 plexus-utils - security update
Bulletin has no description...
DSA-4142-1 uwsgi - security update
Bulletin has no description...
DLA-1306-1 vips - security update
Bulletin has no description...
SUSE-SU-2018:0602-1 Security update for rubygem-puppet
This update for rubygem-puppet fixes the following issues: - CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files were unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions...
JVN#56132776: Multiple vulnerabilities in Jubatus
Jubatus provided by Jubatus Community contains multiple vulnerabilities listed below. Arbitrary code execution - CVE-2018-0524 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 5.6 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score: 6.8 Directory...
OS Property, 3.12.8, SQL Injection
OS Property from Joomdonation.com, 3.12.8 and previous, SQL Injection. Resolution: update to 3.12.9. Note that previous security release 3.12.8 did not completely fix the issue. Update notice: https://www.joomdonation.com/forum/os-property/61368-os-property-3-12-9-released-security-issue-fixed.html...