CVE-2017-2249
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published : 2017-07-14...
Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published : 2017-07-14 http://chitora.com/jvn21369452.html https://jvn.jp/en/jp/JVN21369452/index.html
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published : 2017-07-14...
Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published : 2017-07-14 http://chitora.com/jvn21369452.html https://jvn.jp/en/jp/JVN21369452/index.html
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". Date published : 2017-07-14 https://www.hammock.jp/assetview/info/170714.html http://jvn.jp/en/vu/JVNVU93377948/index.html
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". Date published : 2017-07-14 https://www.hammock.jp/assetview/info/170714.html http://jvn.jp/en/vu/JVNVU93377948/index.html
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. Date published...
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123493. Date published...
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. Date published...
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. Date published : 2017-07-14 https://github.com/glpi-project/glpi/issues/2456 https://github.com/glpi-project/glpi/releases/tag/9.1.5
Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. Date published : 2017-07-14 https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. Date...
On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, a specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s)....
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the...