New vulnerabilities from the NVD
CVE-2015-9287 (the_university_of_cambridge_web_authentication_system_apache_authentication_agent): Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, so manipulation is trivial. The "kid" field should only ever contain an integer, but any string value can be supplied. An attacker could use this to force the application agent to load the RSA public key used for message integrity checking from an unintended location. Published at: May 13, 2019 at 07:29PM (via National Vulnerability Database, May 20, 2019 at 05:27PM)
CVE-2018-12270: In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites. Published at: May 20, 2019 at 05:29PM (via National Vulnerability Database, May 20, 2019 at 09:27PM)
CVE-2018-1991: IBM API Connect 5.0.0.0 and 5.0.8.6 could return sensitive information in CMC UI headers that reveals critical details of the underlying software stack. IBM X-Force ID: 154284. Published at: May 22, 2019 at 06:29PM (via National Vulnerability Database, May 22, 2019 at 07:27PM)
CVE-2016-10750: In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code. Published at: May 22, 2019 at 05:29PM (via National Vulnerability Database, May 22, 2019 at 07:27PM)
CVE-2018-7202: An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. Published at: May 22, 2019 at 09:29PM (via National Vulnerability Database, May 22, 2019 at 11:30PM)
CVE-2018-14729: The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code. Published at: May 22, 2019 at 09:29PM (via National Vulnerability Database, May 22, 2019 at 11:30PM)
CVE-2018-12886: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. Published at: May 22, 2019 at 10:29PM (via National Vulnerability Database, May 22, 2019 at 11:30PM)
CVE-2018-12886 note: the guard address is spilled to the stack, so an overflow that overwrites both the canary and the spilled pointer can make the epilogue compare the canary against attacker-chosen memory; this is why the check itself, not just the canary value, is bypassable here.
CVE-2017-9809: OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure. Published at: May 22, 2019 at 10:29PM (via National Vulnerability Database, May 22, 2019 at 11:30PM)
CVE-2017-6514 (wordpress): WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring. Published at: May 22, 2019 at 09:29PM (via National Vulnerability Database, May 22, 2019 at 11:30PM)
CVE-2017-9808: OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2017-8777: Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization. Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2017-8341: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2017-8340: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2017-6912: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2017-5984: In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read. Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2017-5871: Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote). Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2017-5864: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2017-5863: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. Published at: May 22, 2019 at 11:29PM (via National Vulnerability Database, May 23, 2019 at 03:27AM)
CVE-2018-15664: In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not perform archive operations on a frozen filesystem (or from within a chroot). Published at: May 23, 2019 at 05:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-5213: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). Published at: May 23, 2019 at 06:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-5212: Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. Published at: May 23, 2019 at 06:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-5211: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. Published at: May 23, 2019 at 06:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-5210: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. Published at: May 23, 2019 at 06:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-17061: OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). Published at: May 23, 2019 at 06:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-17060: OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. Published at: May 23, 2019 at 06:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-15652: Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (used by ImageMagick). The attack vector is: someone must open a PostScript file through Ghostscript. Because ImageMagick also uses libga, it is affected as well. Published at: May 23, 2019 at 06:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-15030: Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). Published at: May 23, 2019 at 06:29PM (via National Vulnerability Database, May 23, 2019 at 09:14PM)
CVE-2017-15029
CVE-2017-13668: OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). Published at: May 23, 2019 at 07:29PM (via National Vulnerability Database, May 23, 2019 at 11:14PM)
CVE-2017-11740: In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. Published at: May 23, 2019 at 07:29PM (via National Vulnerability Database, May 23, 2019 at 11:14PM)
CVE-2017-11739: In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user with administrative privileges has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS. Published at: May 23, 2019 at 07:29PM (via National Vulnerability Database, May 23, 2019 at 11:14PM)
CVE-2017-11738: In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. Published at: May 23, 2019 at 07:29PM (via National Vulnerability Database, May 23, 2019 at 11:14PM)
CVE-2017-11561: An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell. Published at: May 23, 2019 at 07:29PM (via National Vulnerability Database, May 23, 2019 at 11:14PM)
CVE-2017-13667
CVE-2017-11560: An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application, and JavaScript inside the uploaded HTML is interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application. Published at: May 23, 2019 at 09:29PM (via National Vulnerability Database, May 24, 2019 at 01:14AM)
CVE-2017-11559: An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack. Published at: May 23, 2019 at 09:29PM (via National Vulnerability Database, May 24, 2019 at 01:14AM)
CVE-2017-11557: An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request. Published at: May 23, 2019 at 09:29PM (via National Vulnerability Database, May 24, 2019 at 01:14AM)
CVE-2017-11365: Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30, Symfony 2.8.23, Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator. Published at: May 23, 2019 at 09:29PM (via National Vulnerability Database, May 24, 2019 at 01:14AM)
CVE-2016-9969
CVE-2016-8901: b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php. Published at: May 23, 2019 at 09:29PM (via National Vulnerability Database, May 24, 2019 at 01:14AM)
CVE-2016-8899: Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. Published at: May 23, 2019 at 10:29PM (via National Vulnerability Database, May 24, 2019 at 01:14AM)
CVE-2016-8897: Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php. Published at: May 23, 2019 at 10:29PM (via National Vulnerability Database, May 24, 2019 at 01:14AM)
CVE-2016-7550: asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). Published at: May 23, 2019 at 10:29PM (via National Vulnerability Database, May 24, 2019 at 01:14AM)
CVE-2016-8900: Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. Published at: May 24, 2019 at 08:29PM (via National Vulnerability Database, May 24, 2019 at 11:14PM)
CVE-2016-8898: Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php. Published at: May 24, 2019 at 08:29PM (via National Vulnerability Database, May 24, 2019 at 11:14PM)
CVE-2016-10245: Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. Published at: May 24, 2019 at 08:29PM (via National Vulnerability Database, May 24, 2019 at 11:14PM)
CVE-2016-10759: The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)
CVE-2016-10758: PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)
CVE-2016-10757: In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)
CVE-2016-10756: Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)
CVE-2016-10755: AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)
CVE-2016-10754: modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)
CVE-2016-10753: e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)
CVE-2016-10752: serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)
CVE-2016-10751: osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload. Published at: May 24, 2019 at 09:29PM (via National Vulnerability Database, May 25, 2019 at 01:14AM)