PT-2018-14577 · Microstrategy · Microstrategy Analytics
Name of the Vulnerable Software and Affected Versions: Microstrategy Analytics versions prior to 10.4.0026.0049. Description: The issue concerns a CSRF problem in the main.aspx file. The vendor has provided documentation for preventing CSRF attacks, but there is a disagreement on whether this issu...
DEBIAN-CVE-2018-20191
hw/rdma/vmw/pvrdmamain.c in QEMU does not implement a read operation (such as uarread by analogy to uarwrite), which allows attackers to cause a denial of service (NULL pointer dereference)...
UBUNTU-CVE-2018-1000852
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains an Other/Unknown vulnerability in channels/drdynvc/client/drdynvcmain.c, drdynvcprocesscapabilityrequest that can result in the RDP server reading the client's memory. This attack appears to...
DEBIAN-CVE-2018-20123
pvrdmarealize in hw/rdma/vmw/pvrdmamain.c in QEMU has a memory leak after an initialisation error...
Design/Logic Flaw
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...
CVE-2018-20159
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...
CVE-2018-20017
SEMCMS 3.5 has XSS via the first text box to the SEMCMSMain.php URI...
NA300 PLC has an unauthorized operation vulnerability
The NA300 PLC is a mid-size programmable controller. An unauthorized operation vulnerability exists in the NA300 PLC. An attacker can exploit the vulnerability to remotely tamper with the MAIN program in the PLC...
Microstrategy Analytics Cross-Site Request Forgery Vulnerability
Microstrategy Analytics is a suite of enterprise data analytics platforms from Microstrategy, Inc. in the United States. The platform features data discovery, data visualization and report generation. A cross-site request forgery vulnerability exists in the main.aspx file in Microstrategy Analyti...
CVE-2018-19557
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images...
CVE-2018-19558
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php...
Sql injection
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php...
Centreon Cross-Site Scripting Vulnerability (CNVD-2019-00828)
Centreon (formerly known as Merethis Centreon) is an open source IT monitoring software suite from Centreon France that needs to be paired with Nagios to manage Nagios via the web and third-party components to enable monitoring of networks, operating systems and applications. A cross-site scripting...
CVE-2018-19346
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting...
CVE-2018-19312
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI...
Advanced tools: Process Hacker
Process Hacker is a very valuable tool for advanced users. It can help them to troubleshoot problems or learn more about specific processes that are running on a certain system. It can help identify malicious processes and tell us more about what they are trying to do. Background information...
SEMCMS cross-site scripting vulnerability (CNVD-2019-01719)
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A cross-site scripting vulnerability exists in SEMCMS version 3.4, which can be exploited by a remote attacker to inject arbitrary Web script or HTML into the copyright text box of the admin/SEMCMSMain.p...
br.com.anteros:Anteros-Security-Spring (>=2.0.0 <=2.0.20), br.com.anteros:Anteros-Security-Spring-Mongo (>=1.0.0 <=1.0.5) +83 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.3.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =3.0.0.RELEASE, =1.0.4, =1.0.9 - com.github.lizixiang:triph-common =0.0.1-RELEASE and more Source cves: CVE-2018-15758...
br.com.damsete.arq:damsete-arq (>=0.0.1 <=0.0.3), br.com.damsete.arq:damsete-arq-audit (>=0.0.1 <=0.0.3) +14 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.2.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.0.1, =4.0.0, =0.1.0, =4.26.0, =4.26.0, =3.3.0.6, =4.30.0 and more Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...
ASUS RT-AC58U Information Disclosure Vulnerability
ASUS RT-AC58U is a wireless router product from ASUS. A security vulnerability exists in ASUS RT-AC58U version 3.0.0.4.3806516. The vulnerability can be exploited by a remote attacker to obtain the hostname and IP address by reading the dhcpLeaseInfo data in the HTML source code of the...