Security Bulletins
Latest Malware Updates
Downloader.Busadom!g102/27/2015Infostealer.Posteal02/26/2015Downloader.Busadom02/26/2015Trojan.Ladocosm02/26/2015SONAR.SuspDocRun02/25/2015SONAR.SuspHelpRun02/25/2015W32.Tempedreve.D!inf02/25/2015SONAR.PUA!AlnadInsta02/25/2015SONAR.Infostealer!g502/25/2015SONAR.Infostealer!g402/25/2015 |
Security News
CVE-2018-10266BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI. 04/21/2018CVE-2018-10268An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\\api\\controller\\User.php avatar parameter. 04/21/2018CVE-2018-10267WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI. 04/21/2018CVE-2018-10266BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI. 04/21/2018CVE-2018-10265An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI. 04/21/2018CVE-2018-10126LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. 04/21/2018CVE-2017-15640app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter. 04/21/2018CVE-2018-10126LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. 04/21/2018CVE-2017-15640app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter. 04/21/2018CVE-2018-10284Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter. 04/21/2018CVE-2018-10283CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action. 04/21/2018CVE-2018-10284Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter. 04/21/2018CVE-2018-10283CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action. 04/21/2018CVE-2018-10254Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. 04/21/2018CVE-2018-10253Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls. 04/20/2018CVE-2018-9059Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791. 04/20/2018CVE-2018-8826ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. 04/20/2018CVE-2018-7747Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form. 04/20/2018CVE-2018-10176Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue. 04/20/2018Security News 21 - 40 of 131079 First | Prev. | 1 2 3 4 5 | Next | Last |
Security Advisories Database
Remote Code Execution Vulnerability in Microsoft OpenType Font DriverA remote attacker can execute arbitrary code on the target system. 07/21/2015Multiple Vulnerabilities in Linux kernel03/04/2015SQL Injection Vulnerability in PiwigoSQL inection vulnerability has been discovered in Piwigo. 02/05/2015Cross-site Scripting Vulnerability in DotNetNukeA cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke. 02/05/2015Cross-site Scripting Vulnerability in Hitachi Command SuiteA cross-site scripting vulnerability was found in Hitachi Command Suite. 02/02/2015Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk HandlingAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-ForwardsAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"An attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Linux Kernel spliceAn attacker can perform a denial of service attack. 01/29/2015Denial of service vulnerability in Python Pillow Module PNG Text Chunks DecompressionAn attacker can perform a denial of service attack. 01/20/2015 |