Microsoft SharePoint Server CVE-2018-8578 Information Disclosure Vulnerability
Description: Microsoft SharePoint Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected: Microsoft SharePoint Foundation 2013 SP1. Recommendations: Run all software as a...
Cisco Registered Envelope Service Information Disclosure Vulnerability
A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...
Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF...
Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to...
iSmartViewPro 1.5 - Device Alias Buffer Overflow Exploit
Exploit for Windows platform in category local exploits. Exploit Title: iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow. Author: Rodrigo Eduardo Rodriguez. Vendor Homepage: https://securimport.com/ Software Link:...
GHSA-PRR5-PFR8-Q9F3 Plone allows remote attackers to read hidden folder contents
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors...
Security Bulletin: A security vulnerability has been identified in an IBM Tivoli Monitoring shared component and WebSphere Application Server which are both shipped with IBM Service Delivery Manager
Summary: An IBM Tivoli Monitoring shared component and WebSphere Application Server are both included as part of IBM Service Delivery Manager. Information about a security vulnerability affecting an IBM Tivoli Monitoring shared component and WebSphere Application Server has been published in two...
Denial of Service in ecstatic
Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers. Parsing certain inputs with new Date or Date.parse causes v8 to crash. As ecstatic passes the value of the affected headers...
Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
Denial Of Service (DoS)
libgdkpixbuf-2.0.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass an ICO file to the DecodeHeader function in io-ico.c to cause an out-of-bounds read that can crash the application...
Microsoft Windows Device Guard CVE-2018-0958 Local Security Bypass Vulnerability
Description: Microsoft Windows is prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected: Microsoft Windows 10 Version 1607 for 32-bit Systems...
What to Do When Msvcp140.dll Goes Missing in Windows
By Waqas Imagine that you download a program or a software that This is a post from HackRead.com Read the original post: What to Do When Msvcp140.dll Goes Missing in Windows...
Private file access bypass.
More info at https://www.drupal.org/SA-CORE-2018-001...
Microsoft Windows Kernel CVE-2018-0742 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected: Microsoft Windows 10 Version 1607 for 32-bit Systems, Microsoft Windows 10 Version 1607 for x64-based...
CVE-2017-15111
keycloak-httpd-client-install versions before 0.8 insecurely create a temporary file, allowing local attackers to overwrite other files via a symbolic link...
Cisco Identity Services Engine DOM Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Cross-Site Scripting in keystone
Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize user input on the Contact Us page, allowing attackers to submit contact forms with malicious JavaScript in the message field. The output is not properly encoded leading an admin that open...
gdal/gtiff_fuzzer: Crash in TIFFFillTile
Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=6518095486124032 Project: gdal Fuzzer: libFuzzergdalgtifffuzzer Fuzz target binary: gtifffuzzer Job Type: libfuzzerubsangdal Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7ff53c4aaa40 Cras...
Vulnerability in OpenSSL - Malformed X.509 IPAddressFamily could cause OOB read
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. Found by Google OSS-Fuzz...
Security Advisory - Multiple Vulnerabilities in UMA Products
The Unified Maintenance Audit (UMA) system provides a unified portal for O&M operations, controls and records users' O&M operations, and supports auditing by way of command display and video replay. The UMA product has the following vulnerabilities, which are introduced by software provided by...