Friday, 14 June 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (50 items)

New vulnerabilities from the NVD: CVE-2017-18376

An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.
Published at: June 02, 2019 at 11:29PM

June 03, 2019 at 02:30AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-14853

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.
Published at: June 03, 2019 at 10:29PM

June 04, 2019 at 12:31AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-14852

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
Published at: June 03, 2019 at 10:29PM

June 04, 2019 at 12:31AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-14851

A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.
Published at: June 03, 2019 at 10:29PM

June 04, 2019 at 12:31AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-14850

All known versions of the Orpak SiteOmat web management console are vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him.
Published at: June 03, 2019 at 10:29PM

June 04, 2019 at 12:31AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-14728

An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to the public.
Published at: June 03, 2019 at 10:29PM

June 04, 2019 at 12:31AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-14854

A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.
Published at: June 03, 2019 at 11:29PM

June 04, 2019 at 02:30AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-13384

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
Published at: June 05, 2019 at 12:29AM

June 05, 2019 at 03:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-13382

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
Published at: June 05, 2019 at 12:29AM

June 05, 2019 at 03:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-13381

A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via specially crafted message payloads.
Published at: June 05, 2019 at 12:29AM

June 05, 2019 at 03:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-13380

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows an attacker to execute unauthorized malicious script code via the error or message handling parameters.
Published at: June 05, 2019 at 12:29AM

June 05, 2019 at 03:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-13379

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
Published at: June 05, 2019 at 12:29AM

June 05, 2019 at 03:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-7122

A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
Published at: June 05, 2019 at 06:29PM

June 05, 2019 at 09:13PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-7121

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
Published at: June 05, 2019 at 06:29PM

June 05, 2019 at 09:13PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-18571

An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
Published at: June 05, 2019 at 06:29PM

June 05, 2019 at 09:13PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-6261

NVIDIA's Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, which may lead to denial of service or information disclosure.
Published at: June 05, 2019 at 05:29PM

June 05, 2019 at 09:13PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10171

Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.
Published at: June 06, 2019 at 01:29AM

June 06, 2019 at 05:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-2028

IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
Published at: June 06, 2019 at 04:29AM

June 06, 2019 at 09:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-9839

An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes).
Published at: June 06, 2019 at 10:29PM

June 07, 2019 at 01:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-8047

vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter).
Published at: June 06, 2019 at 10:29PM

June 07, 2019 at 01:13AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-6185

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is "*" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data.
Published at: June 07, 2019 at 06:29PM

June 07, 2019 at 09:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-5798

This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
Published at: June 07, 2019 at 06:29PM

June 07, 2019 at 09:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-5265

Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.
Published at: June 07, 2019 at 06:29PM

June 07, 2019 at 09:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-20135

Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.
Published at: June 07, 2019 at 07:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-20091

An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.
Published at: June 07, 2019 at 07:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-20014

In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.
Published at: June 07, 2019 at 07:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19999

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access to the host running Serv-U, and a Serv-U administrator must have an active management console session.
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19802

aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3).
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19801

aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6).
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19800

aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3).
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19465

Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19461

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19452

A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19451

A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.
Published at: June 07, 2019 at 08:29PM

June 07, 2019 at 11:17PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10703

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10702

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10701

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10700

An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10699

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10698

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10697

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10696

An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10695

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10694

An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10693

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10692

An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10691

An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10690

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.
Published at: June 07, 2019 at 11:29PM

June 08, 2019 at 03:17AM

via National Vulnerability Database

