Lucene search
1612 matches found

NVD
added 2018/09/10 4:29 a.m., 7 views

CVE-2018-16780

Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment...

CVSS 5.4, AI score 5.3, EPSS 0.00483
Exploits: 1, References: 1
CVE
added 2018/09/10 4:0 a.m., 35 views

CVE-2018-16780

CVE-2018-16780 affects Complete Responsive CMS Blog up to 2018-05-20 and is due to an XSS via user comments. The available documents confirm the vulnerability type but do not provide product version details, exact vulnerable components, root cause specifics, exploit information, or remediation st...

CVSS 5.4, AI score 5.2, EPSS 0.00483
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2018/09/10 4:0 a.m., 11 views

CVE-2018-16780

Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment...

AI score 5.3, EPSS 0.00483
Exploits: 1, References: 1
Amazon
added 2018/08/22 12:0 a.m., 575 views

Medium: mysql55

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5, AI score 6.7, EPSS 0.03637
Exploits: 0
exploitpack
added 2018/08/17 12:0 a.m., 24 views

ADM 3.1.2RHG1 - Remote Code Execution

ADM 3.1.2RHG1 - Remote Code Execution Title: Asustor ADM 3.1.2RHG1 - Remote Code Execution Author: Matthew Fulton & Kyle Lovett Date: 2018-07-01 Vendor Homepage: https://www.asustor.com/ Software Link: http://download.asustor.com/download/adm/X64G33.1.2.RHG1.img Version: = ADM 3.1.2RHG1 Tested on...

CVSS 5, EPSS 0.4476
Exploits: 9
Packet Storm
added 2018/08/17 12:0 a.m., 101 views

ADM 3.1.2RHG1 Remote Code Execution

Title: Asustor ADM 3.1.2RHG1 - Remote Code Execution Author: Matthew Fulton & Kyle Lovett Date: 2018-07-01 Vendor Homepage: https://www.asustor.com/ Software Link: http://download.asustor.com/download/adm/X64G33.1.2.RHG1.img Version: = ADM 3.1.2RHG1 Tested on: ASUSTOR AS6202T CVE : CVE-2018-11510...

EPSS 0.4476
Exploits: 9
android
added 2018/08/01 12:0 a.m., 25 views

CVE-2017-18305

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835...

CVSS 6.9, AI score 2.9, EPSS 0.00235
Exploits: 0, References: 2
Talos Blog
added 2018/07/26 8:6 a.m., 162 views

Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub

These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung ...

AI score 0.7, EPSS 0.03444
Exploits: 46
0day.today
added 2018/07/26 12:0 a.m., 74 views

Inteno IOPSYS - (Authenticated) Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits !/usr/bin/python import json import sys import subprocess import socket import os from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol: ubus-json" re...

AI score 0.6, EPSS 0.01491
Exploits: 2
Carbon Black Blog
added 2018/07/25 5:0 p.m., 242 views

10 Endpoint Security Problems Solved by the Cloud – Identifying Problems

Last week we looked at how the cloud keeps your endpoints from becoming sluggish and pointed out why it is uniquely positioned to predict new threats. This week, we’re going to examine why the cloud outperforms traditional antivirus when it comes to identifying problems. Can't Fix What You Can't...

Exploits: 0
NVD
added 2018/07/18 1:29 p.m., 13 views

CVE-2018-3080

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9, AI score 5, EPSS 0.02
Exploits: 0, References: 4
Prion
added 2018/07/18 1:29 p.m., 8 views

Design/Logic Flaw

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access...

CVSS 4, AI score 6.2, EPSS 0.0223
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2018/07/18 1:29 p.m., 33 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Memcached. Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to...

CVSS 3.5, AI score 5.1, EPSS 0.03003
Exploits: 0, References: 6, Affected Software: 2
Vulnrichment
added 2018/07/18 1:0 p.m., 10 views

CVE-2018-3085

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

AI score 7.4, EPSS 0.00514
Exploits: 0, References: 3
Tenable Nessus
added 2018/07/17 12:0 a.m., 32 views

Solaris 10 (x86) : 150401-62

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris...

CVSS 7, AI score 5.6, EPSS 0.00475
Exploits: 0, References: 3
OpenVAS
added 2018/06/26 12:0 a.m., 38 views

QNAP QTS < 4.2.6 build 20171208, 4.3.3.x < 4.3.3 build 20180402, 4.3.4 < 4.3.4 build 20180501 RCE Vulnerability

QNAP QTS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...

CVSS 9.8, AI score 9.9, EPSS 0.02639
Exploits: 0, References: 1
RedHat Linux
added 2018/06/19 5:19 a.m., 2 views

zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c

A buffer overflow flaw was found in the zsh shell auto-complete functionality. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the before mentioned path. If the user affect...

CVSS 7.8, AI score 6.2, EPSS 0.00628
Exploits: 0, References: 4
IBM Security Bulletins
added 2018/06/18 12:28 a.m., 33 views

Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products

Summary Multiple N series products incorporate the Java Runtime Environment JRE software libraries. JRE versions up to 8u25, 7u72 and 6u85 are susceptible to multiple vulnerabilities. Vulnerability Details CVEID: CVE-2014-6558 DESCRIPTION: An unspecified vulnerability related to the Security...

CVSS 10, AI score 1.2, EPSS 0.05639
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2018/06/17 3:7 p.m., 25 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring clients (CVE-2015-2590 plus additional CVEs.)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Monitoring. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow...

CVSS 10, AI score 0.5, EPSS 0.9986
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 9:40 p.m., 22 views

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software (CVE-2016-0603)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6.0 that is used by IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software. JRE/SDK installation executables on the Windows platform are affected by this vulnerability...

CVSS 7.6, AI score 1.3, EPSS 0.04066
Exploits: 2, Affected Software: 1