Wednesday, February 27, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (10 items)


New vulnerabilities from the NVD: CVE-2016-1000276

Audacity version 2.1.2 is vulnerable to DLL hijacking: it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such a DLL in the system directory. This behavior results in an exploitable DLL Hijack vulnerability, even if the SafeDllSearchMode flag is enabled.
Published at: February 05, 2019 at 12:29AM

February 05, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-1000271

Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.
Published at: February 04, 2019 at 11:29PM

February 05, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-18362

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
Published at: February 05, 2019 at 08:29AM

February 05, 2019 at 01:52PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-1202

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677.
Published at: February 05, 2019 at 08:29PM

February 05, 2019 at 09:51PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-1200

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.
Published at: February 05, 2019 at 08:29PM

February 05, 2019 at 09:51PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-1198

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.
Published at: February 05, 2019 at 08:29PM

February 05, 2019 at 09:51PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-1177

IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429.
Published at: February 05, 2019 at 08:29PM

February 05, 2019 at 09:51PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-1000282

Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
Published at: February 05, 2019 at 07:29PM

February 05, 2019 at 09:51PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9282

The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.
Published at: February 06, 2019 at 09:29PM

February 06, 2019 at 11:51PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-5154

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
Published at: February 10, 2019 at 12:29AM

February 10, 2019 at 02:02AM

via National Vulnerability Database
