The vulnerability of Junos Operating System’s Routing Protocol Daemon (RPD) allows a hacker to execute arbitrary code.
The vulnerability of the Junos operating system’s Routing Protocol Daemon (RPD) arises from errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending numerous specially crafted Draft-Rosen MPLS packets...
Mail.ru: CSRF on draft message creation in tel.mail.ru
CSRF allowed to save message draft with attacker controlled content...
Junos OS: RPD daemon crashes due to receipt of specific Draft-Rosen MVPN control packet in Draft-Rosen MVPN configuration
Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a...
CVE-2018-0045
Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a...
Design/Logic Flaw
Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a...
CVE-2018-0045
CVE-2018-0045 describes a vulnerability in Juniper Networks Junos OS where receiving a specific Draft-Rosen MVPN control packet can crash and restart the RPD daemon, with potential remote code execution. Exploitation is possible from the PE device within the MPLS core; end users on CE cannot trig...
CVE-2018-0045 Junos OS: RPD daemon crashes due to receipt of specific Draft-Rosen MVPN control packet in Draft-Rosen MVPN configuration
Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a...
Yet Another IoT Cybersecurity Document
This one is from NIST: "Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others...
CVE-2018-17302
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /Email/view saved draft message...
CVE-2018-17302
CVE-2018-17302 corresponds to a stored XSS in EspoCRM 5.3.6. The vulnerability is in views/fields/wysiwyg.js and is exploitable via the URL fragment /#Email/view (saved draft message). The available sources consistently describe a stored XSS condition affecting EspoCRM 5.3.6; no further details o...
CVE-2018-16298
MiniCMS 1.10 is affected by a cross-site scripting (XSS) vulnerability in the admin endpoint mc-admin/post.php?tag= where requests with state=delete, state=draft, or state=publish can inject script or HTML. The flaw is triggered via the tag parameter and is present in the public CVE entries acros...
CVE-2018-16278
phpkaiyuancms PhpOpenSourceCMS POSCMS V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajaxsavedraft function with the dir parameter...
Draft of Microsoft Security Servicing Commitments for Windows
Updated September 10, 2018: The Servicing Criteria for Windows has transitioned to an official document and can be found at the link below. Microsoft thanks the members of the research community who provided feedback on the draft copy. Microsoft Security Servicing Criteria for Windows...
Microsoft Office Information Disclosure Vulnerability (CNVD-2018-00739)
Microsoft Office is an office software suite developed by the American company Microsoft. An information disclosure vulnerability exists in Microsoft Office that originates from the program failing to properly enforce copy/paste permissions on DRM-protected emails. An...
Vanilla: Overwrite Drafts of Everyone
Description: Users have the option to save drafts before commenting on posts or discussions, where a DraftID parameter is passed to keep the draft record, and if an attacker replaces this ID with any existing ID it will simply overwrite that record without checking the permission he that...
Bypass Access Restrictions
WordPress is vulnerable to an access restriction bypass. The bypass is possible because the application does not properly check the edit_posts capability for auto-draft creation actions...
SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr (SUSE-SU-2017:1175-1)
Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie-Hellman key agreement and support for more hashes. Security issues fixed in Firefox bsc1035082 - MFSA 2017-11/CVE-2017-5469: Potenti...