6117 matches found

OSV
added 2018/11/07 10:14 a.m., 6 views

SUSE-SU-2018:3644-1 Security update for systemd

This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in unitdeserializ...

CVSS 8.8 | AI score 8.4 | EPSS 0.02279
Exploits: 4 | References: 21

CNVD
added 2018/11/07 12:0 a.m., 2 views

Roche Accu-Chek Inform II Base Unit/Base Unit Hub and CoaguChek/cobas h232 Handheld Base Unit Command Execution Vulnerabilities

The Roche Accu-Chek Inform II Base Unit/Base Unit Hub and the CoaguChek/cobas h232 Handheld Base Unit are handheld blood testing medical devices from Roche, Switzerland. A security vulnerability exists in the Roche Accu-Chek Inform II Base Unit/Base Unit Hub prior to version 03.01.04 and the...

CVSS 8 | AI score 8.4 | EPSS 0.00671
Exploits: 0 | References: 1

CNVD
added 2018/11/07 12:0 a.m., 4 views

Roche Accu-Chek Inform II Base Unit/Base Unit Hub and CoaguChek/cobas h232 Handheld Base Unit License Issue Vulnerability

The Roche Accu-Chek Inform II Base Unit/Base Unit Hub and the CoaguChek/cobas h232 Handheld Base Unit are handheld blood testing medical devices from Roche, Switzerland. An authorization issue vulnerability exists in the Roche Accu-Chek Inform II Base Unit/Base Unit Hub versions prior to 03.01.04...

CVSS 8.8 | AI score 9.1 | EPSS 0.00715
Exploits: 0 | References: 1

Carbon Black Blog
added 2018/11/06 2:37 p.m., 80 views

Small Business Benefits of Moving to the Cloud: Effective Security

When you’re selecting an endpoint security platform for your small business, you want it to work — and work well. However, less than one third of organizations believe that traditional AV has the power to stop the attacks that they are seeing.1 With fileless malware attacks and ransomware on the...

AI score 1
Exploits: 0

Broadcom
added 2018/11/02 12:0 a.m., 5 views

BSA-2018-740

Security Advisory ID : BSA-2018-740 Component : CPU featuring SMT Revision : 1.0: Initial A group of researchers has discovered a new vulnerability, called PortSmash, impacting all CPUs that use a Simultaneous Multithreading (SMT) architecture. SMT is a technology that allows multiple computing...

CVSS 4.7 | AI score 7.2 | EPSS 0.03418
Exploits: 4

exploitpack
added 2018/10/29 12:0 a.m., 16 views

systemd - reexec State Injection

systemd - reexec State Injection / I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When systemd re-executes e.g. during a package upgrade, state is...

AI score 7.7
Exploits: 0

Packet Storm
added 2018/10/27 12:0 a.m., 153 views

Webiness Inventory 2.9 Shell Upload

Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Date: 10/27/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName = $file'name'; 48 $fileTmp =...

AI score 7.4
Exploits: 0

OSV
added 2018/10/26 2:29 p.m., 2 views

DEBIAN-CVE-2018-15686

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

CVSS 7.8 | AI score 9.4 | EPSS 0.02279
Exploits: 4 | References: 1

Exploit DB
added 2018/10/25 12:0 a.m., 25 views

phptpoint Hospital Management System 1.0 - 'user' SQL injection

Exploit Title: phptpoint Hospital Management System 1.0 - 'user' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: Version: 1 Tested on: WAMP windows 10 x64 CVE: unknown Description: Phptpoin...

AI score 7
Exploits: 0

Exploit DB
added 2018/10/25 12:0 a.m., 32 views

phptpoint Pharmacy Management System 1.0 - 'username' SQL injection

Exploit Title: phptpoint Pharmacy Management System 1.0 - 'username' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: https://www.phptpoint.com/pharmacy-management-system/ Version: 1 Tested...

AI score 7.4
Exploits: 0

RedHat Linux
added 2018/10/24 10:6 p.m., 4 views

chromium-browser: Memory corruption in GPU Internals

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVSS 7.4 | AI score 7.6 | EPSS 0.01547
Exploits: 0 | References: 5

Nmap
added 2018/10/19 5:0 a.m., 734 views

http-sap-netweaver-leak NSE Script

Detects SAP Netweaver Portal instances that allow anonymous access to the KM unit navigation page. This page leaks file names, LDAP users, etc. SAP Netweaver Portal with the Knowledge Management Unit enabled allows unauthenticated users to list file system directories through the URL...

CVSS 10 | AI score 9.3 | EPSS 0.99448
Exploits: 33

CNVD
added 2018/10/16 12:0 a.m., 2 views

Martem TELEM GW6/GWM Privilege Vulnerability

Martem TELEM GW6/GWM are both data processor products of Martem Estonia. A security vulnerability exists in previous versions of Martem TELEM GW6/GWM 2.0.87-4018403-k4. An attacker can exploit the vulnerability by connecting to the RTU using default credentials to modify/upload new system...

CVSS 9 | AI score 8.8 | EPSS 0.01484
Exploits: 0 | References: 1

OSV
added 2018/09/26 7:29 p.m., 4 views

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 3

NVD
added 2018/09/26 7:29 p.m., 19 views

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVSS 9.8 | AI score 8.1 | EPSS 0.01378
Exploits: 0 | References: 3

NVD
added 2018/09/26 7:29 p.m., 18 views

CVE-2018-8854

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended...

CVSS 7.5 | AI score 7.4 | EPSS 0.02523
Exploits: 0 | References: 3

OSV
added 2018/09/26 7:29 p.m., 4 views

CVE-2018-8850

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result ...

CVSS 9.8 | AI score 6
Exploits: 0 | References: 3

NVD
added 2018/09/26 7:29 p.m., 15 views

CVE-2018-8852

Philips e-Alert Unit non-medical device, Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier...

CVSS 8.8 | AI score 7.7 | EPSS 0.01897
Exploits: 0 | References: 3

NVD
added 2018/09/26 7:29 p.m., 16 views

CVE-2018-8850

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result ...

CVSS 9.8 | AI score 8.2 | EPSS 0.03834
Exploits: 0 | References: 3

OSV
added 2018/09/26 7:29 p.m., 3 views

CVE-2018-8844

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 3