2018-01-16

 
RSS for product
CVE-2018-5728
 
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details.

 
RSS for product
CVE-2018-5727
 
In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

 
RSS for product
CVE-2018-5726
 
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.

 
RSS for product
CVE-2018-5725
 
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.

 
RSS for product
CVE-2018-5724
 
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.

 
RSS for product
CVE-2018-5723
 
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.

 
RSS for product
CVE-2018-5299
 
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.

 
RSS for product
CVE-2017-17947
 
A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal.

 
RSS for product
CVE-2018-5715
 
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).

 
RSS for product
CVE-2018-5714
 
In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054.

 
RSS for product
CVE-2018-5713
 
In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.

 
RSS for product
CVE-2018-5370
 
BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.

 
RSS for product
CVE-2018-5330
 
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.

 
RSS for product
CVE-2018-1000004
 
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

 
RSS for product
CVE-2017-8802
 
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality.

 
RSS for product
CVE-2017-17429
 
In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

 
RSS for product
CVE-2017-16557
 
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

 
RSS for product
CVE-2017-16556
 
In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.

 
RSS for product
CVE-2017-16555
 
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

 
RSS for product
CVE-2017-16554
 
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

 
RSS for product
CVE-2017-16553
 
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

 
RSS for product
CVE-2017-16552
 
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

 
RSS for product
CVE-2017-16551
 
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

 
RSS for product
CVE-2017-16550
 
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

 
RSS for product
CVE-2017-16549
 
K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

 


Copyright 2018, cxsecurity.com

 

Back to Top