Monthly Archive: February 2018

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. Date published : 2018-02-13...

A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid...

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that...

In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component’s length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses. Date published :...

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Date published : 2018-02-13 http://www.securityfocus.com/bid/103047 https://security.gentoo.org/glsa/201904-17

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a...

In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However,...

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. Date published : 2018-02-13 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736 https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef

A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. Date...

PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. Date published : 2018-02-13 https://www.exploit-db.com/exploits/44030/

The VBWinExec function in NodeAspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). Date published : 2018-02-13 https://www.exploit-db.com/exploits/44031/

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. Date published : 2018-02-13 https://github.com/kongxin520/DedeCMS/blob/master/DedeCMS_5.7_Bug.md

Arbitrary File Read in Saperion Web Client version 7.5.2 83166. Date published : 2018-02-13 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/02/09/klcert-18-002-saperion-webclient-multiple-vulnerabilities-arbitrary-file-read-in-saperion-web-client/ https://ics-cert.kaspersky.com/alerts/2018/02/12/multiple-vulnerabilities-found-in-popular-document-management-system/

Remote Code Execution in Saperion Web Client version 7.5.2 83166. Date published : 2018-02-13 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/02/09/klcert-18-001-saperion-webclient-multiple-vulnerabilities-remote-code-execution-with-system-user-privileges-in-saperion-web-client/ https://ics-cert.kaspersky.com/alerts/2018/02/12/multiple-vulnerabilities-found-in-popular-document-management-system/