In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. Date published : 2018-02-09 https://puppet.com/security/cve/CVE-2017-10689 https://access.redhat.com/errata/RHSA-2018:2927
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. Date published : 2018-02-09 https://github.com/croogo/croogo/issues/847
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. Date published : 2018-02-09 https://github.com/Dolibarr/dolibarr/issues/7727
Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client’s details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5...
Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User’s details that can result in denial of service and execution of javascript code. Date published : 2018-02-09 https://github.com/cnvs/canvas/issues/359
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company’s name that can result in denial of service and execution of javascript code. Date published : 2018-02-09 https://github.com/mautic/mautic/issues/5222
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login...
Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. Date published : 2018-02-09 https://www.exploit-db.com/exploits/43991/
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image....
The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation)...
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Date published : 2018-02-09 https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip...
VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as...
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to...