2022 matches found

Prion
added 2018/06/29 2:29 p.m., 16 views

Design/Logic Flaw

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...

3.5 CVSS, 5.2 AI score, 0.00332 EPSS
Exploits 3, References 1, Affected Software 1

NVD
added 2018/06/29 2:29 p.m., 20 views

CVE-2018-13002

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...

4.8 CVSS, 5.4 AI score, 0.00332 EPSS
Exploits 3, References 1

CVE
added 2018/06/29 2:0 p.m., 49 views

CVE-2018-13002

The CVE-2018-13002 entry concerns Weblication CMS Core & Grid v12.6.24. A cross-site scripting (XSS) flaw exists in the wFilemanager.php and index.php files within the /grid5/scripts/ module. The vulnerability targets the Project Title field in the Inhaltsprojekte listing, allowing remote attacke...

4.8 CVSS, 5.2 AI score, 0.00332 EPSS
Exploits 3, References 1, Affected Software 1

OSV
added 2018/06/21 11:29 a.m., 1 views

CVE-2018-0359

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected...

5.5 CVSS, 5.8 AI score
Exploits 0, References 3

The Hacker News
added 2018/06/20 5:41 p.m., 601 views

Google Developer Discovers a Critical Bug in Modern Web Browsers

A Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged in to in the same browser. Discovered by Jake Archibald, developer advocate for Googl...

6.7 AI score
Exploits 0

CNVD
added 2018/06/15 12:0 a.m., 1 views

js-given code execution vulnerability

js-given is a developer-oriented BDD (Behavior Driven Development) tool for JavaScript. A security vulnerability exists in js-given that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability ...

9.3 CVSS, 8.1 AI score, 0.00735 EPSS
Exploits 0, References 1

CNVD
added 2018/06/14 12:0 a.m., 3 views

Synapse Hijacking Vulnerability

Matrix is a set of open communication networks of which Synapse is a server implementation. There is a security vulnerability in Synapse. An attacker can exploit the vulnerability to hijack 'rooms' message channels...

7.5 CVSS, 7.5 AI score, 0.00272 EPSS
Exploits 0, References 1

The Hacker News
added 2018/06/13 2:40 p.m., 152 views

Cortana Software Could Help Anyone Unlock Your Windows 10 Computer

Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password. With its latest patch Tuesday release, Microsoft has pushed an important update to address an easily exploitable vulnerability in...

6.8 CVSS, 2 AI score, 0.00791 EPSS
Exploits 0

CNVD
added 2018/06/13 12:0 a.m., 1 views

Unspecified vulnerability in https-proxy-agent

https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent. An attacker can exploit this vulnerability to cause a denial of service and disclose memory...

8.9 AI score
Exploits 0, References 1

CNVD
added 2018/06/13 12:0 a.m., 1 views

FTPShell Server Denial of Service Vulnerability

FTPShell Server is a safe and reliable FTP client tool. A security vulnerability exists in FTPShell Client version 6.80. An attacker can exploit this vulnerability to launch a denial of service attack...

6.7 AI score
Exploits 0, References 1

CNVD
added 2018/05/31 12:0 a.m., 1 views

selenium-standalone-painful remote code execution vulnerability

selenium-standalone-painful is a program for installing command line tools for starting a selenium standalone server. A security vulnerability exists in selenium-standalone-painful that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker...

9.3 CVSS, 8.2 AI score, 0.00735 EPSS
Exploits 0, References 1

Malwarebytes
added 2018/05/30 4:59 p.m., 32 views

Researchers discover vulnerabilities in smart assistants’ voice commands

Virtual personal assistants (VPA), also known as smart assistants, like Amazon’s Alexa and Google’s Assistant, are in the spotlight for vulnerabilities to attack. Take, for example, that incident about an Oregon couple’s Echo smart speaker inadvertently recording their conversation and sending it to...

0.4 AI score
Exploits 0

exploitpack
added 2018/05/30 12:0 a.m., 36 views

SearchBlox 8.6.6 - Cross-Site Request Forgery

SearchBlox 8.6.6 - Cross-Site Request Forgery Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windo...

6.8 CVSS, 0.8 AI score, 0.00093 EPSS
Exploits 5

Prion
added 2018/05/23 2:29 p.m., 16 views

Privilege escalation

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfile function...

4.4 CVSS, 7.2 AI score, 0.00252 EPSS
Exploits 5, References 14, Affected Software 3

Securelist
added 2018/05/23 10:0 a.m., 35 views

Backdoors in D-Link’s backyard

"If you want to change the world, start with yourself." In the case of security research this can be rephrased to: "If you want to make the world safer, start with the smart things in your home." Or, to be more specific, start with your router – the core of any home network as well as an...

0.9 AI score, 0.12376 EPSS
Exploits 3

OSV
added 2018/05/22 1:29 a.m., 1 views

CVE-2018-11340

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...

7.2 CVSS, 5.8 AI score
Exploits 0, References 3

CNVD
added 2018/05/22 12:0 a.m., 1 views

BBE theme for WordPress HTML editor vulnerability

BBE theme for WordPress is a theme plugin for the WordPress platform. A security vulnerability exists in BBE theme for WordPress versions prior to 1.53. An attacker can exploit the vulnerability to launch the HTML editor directly...

5.3 CVSS, 6.5 AI score, 0.00207 EPSS
Exploits 0, References 1

CNVD
added 2018/05/21 12:0 a.m., 2 views

Cisco Enterprise NFV Infrastructure Software Secure Copy Protocol Server Input Validation Vulnerability

Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from the U.S.-based Cisco. The platform enables full lifecycle management of virtualization services through a central coordinator and controller. The Secure Copy Protocol (SCP) server is one of the...

9 CVSS, 7.1 AI score, 0.02274 EPSS
Exploits 0, References 1

CNVD
added 2018/05/16 12:0 a.m., 3 views

S/MIME Information Disclosure Vulnerability

S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. An attacker could exploit the vulnerability to obtain a message in plaintext form from an encrypted message...

5.9 CVSS, 8.9 AI score, 0.00447 EPSS
Exploits 2, References 1

ThreatPost
added 2018/05/15 9:38 p.m., 10 views

Phishing Spy Campaign Targets Top Mideast Officials

Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over ...

0.9 AI score
Exploits 0, References 2