CVE-2013-4578
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. Date published...
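The check a practitioner wants for an entry like CVE-2013-4578 is whether every non-META-INF file in a "signed" JAR is actually covered by the manifest's per-entry digest sections, since a class with no manifest section (or one whose bytes no longer match the recorded digest) is unsigned bytecode riding inside a signed archive. The following is an added example written for this page, not code from OpenJDK or from the CVE entry; the JAR it inspects is constructed in memory, the signer file names are stand-ins, and it checks manifest coverage only (verifying the .SF/.RSA signature block over the manifest is still the job of jarsigner -verify or a real JarVerifier).

```python
"""Flag JAR entries that the manifest does not cover (unsigned bytecode).

Added example, not OpenJDK code. A signed JAR's MANIFEST.MF carries one
section per signed file with a digest of its contents; the .SF file then
digests the manifest and the .RSA/.DSA block signs the .SF. An entry that
is present in the archive but missing from the manifest is not signed at
all, whatever the signature block says. The sample JAR is constructed.
"""
import base64
import hashlib
import io
import zipfile


def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections.

    Sections are separated by blank lines; a line starting with a single
    space continues the previous attribute (JAR spec). The main section
    (the one without a Name: attribute) is skipped.
    """
    sections = {}
    current = {}
    for raw in text.splitlines():
        if raw == "":
            if "Name" in current:
                sections[current["Name"]] = current
            current = {}
            continue
        if raw.startswith(" ") and current:
            last_key = list(current)[-1]  # continuation line
            current[last_key] += raw[1:]
            continue
        key, _, value = raw.partition(": ")
        current[key] = value
    if "Name" in current:
        sections[current["Name"]] = current
    return sections


def _b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def unsigned_entries(jar_bytes):
    """Return [(name, reason)] for file entries outside META-INF/ that are
    either absent from the manifest or fail their SHA-256-Digest."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/") or name.startswith("META-INF/"):
                continue
            section = manifest.get(name)
            if section is None:
                problems.append((name, "not listed in manifest"))
            elif section.get("SHA-256-Digest") != _b64_sha256(zf.read(name)):
                problems.append((name, "digest mismatch"))
    return problems


def build_sample_jar(tamper=True):
    """Constructed sample JAR: two manifest-covered classes, plus (when
    tamper=True) one class whose bytes were changed after digesting and one
    injected class with no manifest section. Class bytes and signer files
    are placeholders; only the manifest is exercised."""
    signed = {
        "com/example/App.class": b"\xca\xfe\xba\xbe signed-1",
        "com/example/Util.class": b"\xca\xfe\xba\xbe signed-2",
    }
    lines = ["Manifest-Version: 1.0", "Created-By: example", ""]
    for name, data in signed.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {_b64_sha256(data)}", ""]
    manifest = "\r\n".join(lines) + "\r\n"

    contents = dict(signed)
    if tamper:
        contents["com/example/Util.class"] = b"\xca\xfe\xba\xbe tampered"
        contents["com/example/Evil.class"] = b"\xca\xfe\xba\xbe injected"

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("META-INF/SIGNER.SF", "Signature-Version: 1.0\r\n")  # stand-in
        zf.writestr("META-INF/SIGNER.RSA", b"placeholder signature block")  # stand-in
        for name, data in contents.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsigned_entries(build_sample_jar()):
        print(f"{name}: {reason}")
```

Run against a real archive with `unsigned_entries(open(path, "rb").read())`; an empty list means every class is at least covered by the manifest, which is the property the pre-7u51 jarsigner -verify did not report on.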
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. Date published : 2017-12-29 http://www.securityfocus.com/bid/107970 https://github.com/DozerMapper/dozer/issues/217
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. Date published : 2017-12-29 http://www.securityfocus.com/bid/78046 https://bugzilla.redhat.com/show_bug.cgi?id=1172176
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. Date published : 2017-12-29 http://www.securityfocus.com/bid/68671 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. Date published : 2017-12-29 http://www.securityfocus.com/bid/68031 http://framework.zend.com/security/advisory/ZF2014-04
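The bug class behind ZF2014-04 is an ORDER BY builder that quotes plain column names but treats any value containing parentheses as an SQL expression and emits it raw, so a caller-controlled sort parameter becomes an injection point. The following is an added example for this page, not Zend Framework code: a minimal builder with that behaviour beside a hardened one that maps input onto an allowlist of columns and directions and never interpolates the raw value. The column names and payload are constructed.

```python
"""ORDER BY building: parenthesis pass-through vs allowlisted sort columns.

Added example, not Zend Framework code. The vulnerable builder mirrors the
pattern the CVE describes (a value with parentheses is assumed to be an
expression and is not quoted); the safe builder refuses anything outside a
fixed set of columns and directions.
"""
import re


def quote_identifier(name):
    """Backtick-quote one identifier, doubling embedded backticks (MySQL style)."""
    return "`" + name.replace("`", "``") + "`"


def order_clause_vulnerable(spec):
    """Weak builder: bare identifiers are quoted, but anything containing
    parentheses is passed through as a raw expression."""
    spec = spec.strip()
    direction = ""
    m = re.match(r"^(.*?)\s+(ASC|DESC)$", spec, re.IGNORECASE)
    if m:
        spec, direction = m.group(1), " " + m.group(2).upper()
    if "(" in spec and ")" in spec:
        return f"ORDER BY {spec}{direction}"  # injection point: raw SQL
    return f"ORDER BY {quote_identifier(spec)}{direction}"


# Constructed allowlist for the example application.
ALLOWED_SORT_COLUMNS = {"name", "created_at", "price"}


def order_clause_safe(column, direction="ASC"):
    """Hardened builder: only allowlisted columns and ASC/DESC are accepted;
    the user-supplied string is never placed into the SQL text."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    direction = direction.upper()
    if direction not in ("ASC", "DESC"):
        raise ValueError(f"unsupported sort direction: {direction!r}")
    return f"ORDER BY {quote_identifier(column)} {direction}"


def accepts_sort(column, direction="ASC"):
    """True if the hardened builder would accept this sort request."""
    try:
        order_clause_safe(column, direction)
        return True
    except ValueError:
        return False


# Constructed boolean-inference payload: the result ordering leaks one
# character of a password per request through the weak builder.
PAYLOAD = ("(SELECT CASE WHEN (SELECT SUBSTR(password,1,1) FROM users LIMIT 1)='a' "
           "THEN name ELSE price END)")

if __name__ == "__main__":
    print(order_clause_vulnerable("name DESC"))
    print(order_clause_vulnerable(PAYLOAD))
    print(order_clause_safe("price", "desc"))
    print(accepts_sort(PAYLOAD))
```

The quoting function is not the fix here: the weak builder already quotes identifiers correctly, and the injection survives because the "is this an expression?" heuristic opens a path that skips quoting altogether. Mapping request parameters onto a closed set of columns removes that path regardless of how the value is shaped.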
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation. Date published : 2017-12-29...
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have...
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. Date published : 2017-12-29 https://bugzilla.redhat.com/show_bug.cgi?id=1072716 https://github.com/hawtio/hawtio/commit/5289715e4f2657562fdddcbad830a30969b96e1e
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running...
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. Date...
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." Date published :...
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when...
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. Date published : 2017-12-29 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Biometric-Shift-Employee-Management-System.md
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. Date published : 2017-12-29 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Biometric-Shift-Employee-Management-System.md