14 matches found
CVE-2018-25414 AiOPMSD Final 1.0.0 SQL Injection via actor.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...
RHCOS 3 : OpenShift Container Platform 3.6 (RHSA-2018:3598)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3598 advisory. - kubernetes: authentication/authorization bypass in the handling of non-101 responses (CVE-2018-1002105) Note that Nessus has not tested for...
RHCOS 3 : OpenShift Container Platform 3.5 (RHSA-2018:1235)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1235 advisory. - source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go (CVE-2018-1102) Note that Nessus has not tested fo...
MiracleLinux 7 : libvncserver-0.9.9-12.el7 (AXSA:2018-2817:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2817:02 advisory. libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225) Tenable has extracted the preceding description block...
MiracleLinux 7 : libvirt-3.9.0-14.5.0.1.el7.AXS7 (AXSA:2018-3138:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3138:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Tenable has extracted the...
SUSE CVE-2018-6969
VMware Tools 10.x and prior before 10.3.0 contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing mu...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1572 more potentially affected by CVE-2018-1999043 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.12)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1999043 Source advisory: OSV:GHSA-2632-H32J-6RG9...
DEBIAN-CVE-2018-14461
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldptlvprint...
CVE-2018-0723
creationtimestamp | type | source
---|---|---
2018-12-26 18:19:28+00:00 | seen | https://t.me/cibsecurity/1782
2018-12-26 18:19:29+00:00 | seen | https://t.me/cibsecurity/1783
...
CVE-2018-19927
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zFormsavechanges sipnick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases...
Lightbox2 - Critical - Cross Site Scripting - SA-CONTRIB-2018-064
The Lightbox2 module enables you to overlay images on the current page. The module did not sanitize some inputs when used in combination with a custom view, leading to potential Cross Site Scripting (XSS)...
Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-1647)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1647 advisory. 1:1.7.0.181-2.6.14.8.0.1 - Update DISTRONAME in specfile 1:1.7.0.181-2.6.14.8 - added and applied 1566890embargoed20180521.patch - Resolves: rhbz1578550 Tenable...
RHEL 7 : dhcp (RHSA-2018:1456)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1456 advisory. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration...
CVE-2018-7737
In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by adminfooter.php or adminfooter.php. NOTE: the software maintainer disputes that this is a vulnerability...