8202 matches found

Cisco
added 2018/10/24 4:0 p.m. | 604 views

Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this...

7.8 CVSS | 2 AI score | 0.1602 EPSS
Exploits: 14 | References: 1

Prion
added 2018/10/17 1:31 a.m. | 9 views

Code injection

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network...

5.8 CVSS | 8.1 AI score | 0.02024 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/10/17 1:0 a.m. | 26 views

CVE-2018-3213

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Docker Images. The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...

7.5 AI score | 0.04361 EPSS
Exploits: 1 | References: 4

MariaDBUnix
added 2018/10/17 1:0 a.m. | 24 views

CVE-2018-3174

Disclaimer: This data contains information about vulnerable...

5.3 CVSS | 7.7 AI score | 0.0081 EPSS
Exploits: 0

CNVD
added 2018/10/17 12:0 a.m. | 1 views

Dell EMC ESRS Virtual Edition Information Disclosure Vulnerability

Dell EMC ESRS is a secure storage product from Dell. An information disclosure vulnerability exists in Dell EMC ESRS Virtual Edition, where the contents of log files store sensitive data, including commands executed to generate authentication tokens, which could be useful to an attacker for...

5.5 CVSS | 5.5 AI score | 0.00442 EPSS
Exploits: 0 | References: 1

OSV
added 2018/10/15 4:29 p.m. | 4 views

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

7.8 CVSS | 5.8 AI score | 0.01035 EPSS
Exploits: 0 | References: 5

NVD
added 2018/10/15 4:29 p.m. | 18 views

CVE-2018-15592

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector...

7.8 CVSS | 7.6 AI score | 0.00588 EPSS
Exploits: 1 | References: 5

CVE
added 2018/10/15 4:0 p.m. | 38 views

CVE-2018-15592

Ivanti Workspace Control and RES One Workspace are affected by CVE-2018-15592 (pre-10.3.10.0). A local authenticated user can escalate privileges to execute processes with elevated rights via an unspecified attack vector. CVSS information from NVD indicates a local, low complexity attack with use...

7.8 CVSS | 7.5 AI score | 0.00588 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2018/10/15 4:0 p.m. | 23 views

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

7.6 AI score | 0.01035 EPSS
Exploits: 0 | References: 5

UbuntuCve
added 2018/10/15 12:0 a.m. | 28 views

CVE-2018-17961

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...

8.6 CVSS | 6.8 AI score | 0.0998 EPSS
Exploits: 2 | References: 2

CNVD
added 2018/10/10 12:0 a.m. | 1 views

ImageMagick Buffer Overflow Vulnerability (CNVD-2018-20676)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A security vulnerability exists in the 'EncodeImage' function of the coders/pict.c file in ImageMagick version 7.0.8-1...

6.5 CVSS | 7.2 AI score | 0.02541 EPSS
Exploits: 1 | References: 1

Malwarebytes
added 2018/10/09 3:0 p.m. | 47 views

When Endpoint Detection and Response (EDR) is not enough

As cybercriminals continue to validate the reality that no prevention-based security control is going to stop every threat every time, companies are expanding beyond prevention-only approaches and closing the gap with endpoint detection and response solutions. But as we consider this strategy, on...

0.3 AI score
Exploits: 0

CVE
added 2018/10/08 3:0 p.m. | 40 views

CVE-2018-1743

CVE-2018-1743 affects IBM Security Key Lifecycle Manager. The vulnerability exposes sensitive information to unauthorized users, enabling information disclosure that could support further system attacks. Affected products and versions: IBM Security Key Lifecycle Manager v2.6 (up to 2.6.0.4), v2.7...

5.3 CVSS | 5.1 AI score | 0.01301 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm
added 2018/10/08 12:0 a.m. | 23 views

Chamilo LMS 1.11.8 firstname Cross Site Scripting

Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-06 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS:...

7.4 AI score
Exploits: 0

Joomla! Vulnerable Extensions List
added 2018/10/07 12:0 a.m. | 25 views

[20190205] - Core - XSS Issue in core.js writeDynaList

Inadequate parameter handling in JS code could lead to an XSS attack vector...

6.1 CVSS | 7.5 AI score | 0.008 EPSS
Exploits: 0 | Affected Software: 1

exploitpack
added 2018/10/06 12:0 a.m. | 75 views

Chamilo LMS 1.11.8 - firstname Cross-Site Scripting

Chamilo LMS 1.11.8 - firstname Cross-Site Scripting Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-06 Vendor Homepage: https://chamilo.org Software Link:...

6.8 AI score
Exploits: 0

OSV
added 2018/10/05 2:29 p.m. | 1 views

CVE-2018-15415

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...

7.8 CVSS | 6.1 AI score
Exploits: 0 | References: 3

ICS
added 2018/10/02 12:0 a.m. | 508 views

GE Communicator

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Communicator Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Exploitation could allow attackers to execute arbitrary code or create a denial-of-service condition. 3...

7.6 CVSS | 7.9 AI score | 0.0099 EPSS
Exploits: 0 | References: 5

OSV
added 2018/10/01 8:29 a.m. | 2 views

CVE-2018-17847

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...

7.5 CVSS | 5.8 AI score | 0.02832 EPSS
Exploits: 2 | References: 3

CNVD
added 2018/09/26 12:0 a.m. | 2 views

Substratum Integer Overflow Vulnerability

Substratum SUB is an ethereum-based virtual currency. An integer overflow vulnerability exists in the 'mintToken' function in Substratum's smart contract implementation, which can be exploited by an attacker to control mintedAmount and arbitrarily modify the balance of a user's account...

7.5 CVSS | 7.6 AI score | 0.00926 EPSS
Exploits: 1 | References: 1