RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers

Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers...

CVE-2018-25225

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the...

UBUNTU-CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

SUSE CVE-2018-3630

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

SUSE CVE-2018-9266

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak...

SUSE CVE-2018-1000014

Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

Zhengjim - 漏洞复现 搭漏洞环境是一个繁琐的事情，这里记录下自己学习搭各种环境的记录。部分利用Vulhub一个面向大众的开源漏洞靶场，来搭建漏洞环境，比较方便。（主要懒！） 漏洞 1. S2-057命令执行漏洞 2. ghostscript命令执行漏洞 3. weblogic反序列化漏洞CVE-2018-2628 4. Elasticsearch-Kibana本地包含漏洞CVE-2018-17246 5. ThinkPHP5.x版本命令执行漏洞 6. WordPressRESTAPI内容注入漏洞 7. Git漏洞允许任意代码执行CVE-2018-17456 8. Apache...

CVE-2018-21238

creationtimestamp| type| source ---|---|--- 2020-06-04 20:55:37+00:00| seen| https://t.me/cibsecurity/12563...

CVE-2018-18370

creationtimestamp| type| source ---|---|--- 2019-09-05 18:34:12+00:00| seen| https://t.me/cibsecurity/6560...

CVE-2018-21007

The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads...

UBUNTU-CVE-2018-16075

Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page...

CVE-2018-7541

creationtimestamp| type| source ---|---|--- 2018-12-31 06:47:32+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-citrix-xenserver-virtualisointiohjelmistossa...

DEBIAN-CVE-2018-20125

hw/rdma/vmw/pvrdmacmd.c in QEMU allows attackers to cause a denial of service NULL pointer dereference or excessive memory allocation in createcqring or createqprings...

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-25393)

IBM Rational Quality Manager is the collaborative center for business-driven software and system quality across virtually any platform and any type of test. The software helps teams seamlessly share information, use automation to accelerate projects, and report metrics for targeted release...

QEMU Denial of Service Vulnerability (CNVD-2018-24494)

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in QEMU. A local attacker could exploit this vulnerability to cause a denial of service QEMU process crash...

CVE-2018-17379

SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filterorderDir or filterorder parameter...

UBUNTU-CVE-2018-12827

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

UBUNTU-CVE-2018-14400

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

DEBIAN-CVE-2018-14526

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CNVD-2018-15448)

Microsoft Windows Server 2016 and others are a series of operating systems released by Microsoft USA Device Guard is one of the device protection components. A security feature bypass vulnerability exists in Microsoft Device Guard. An attacker could exploit the vulnerability to bypass code...