node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. Date published : 2018-02-08 https://github.com/ether/etherpad-lite/commit/626e58cc5af1db3691b41fca7b06c28ea43141b1 https://github.com/ether/etherpad-lite/releases/tag/1.6.3
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. Date published : 2018-02-08 https://github.com/ether/etherpad-lite/commit/a03422b09468cdd5f192b05643311c705447588b https://github.com/ether/etherpad-lite/releases/tag/1.6.3
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely....
SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI. Date published : 2018-02-08 http://www.securityfocus.com/bid/103041 http://www.openwall.com/lists/oss-security/2018/02/07/1
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. Date published : 2018-02-08 https://www.exploit-db.com/exploits/43967/ http://packetstormsecurity.com/files/146254/Online-Voting-System-Authentication-Bypass.html
Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected...
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value,...
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed....
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the...
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however...
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published : 2018-02-08 https://jvn.jp/en/jp/JVN70615027/index.html
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Date published : 2018-02-08 http://www.futomi.com/library/mpmailec.html#history https://jvn.jp/en/jp/JVN15462187/index.html
Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2018-02-08 JVN#99312352...
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Date published : 2018-02-08 http://www.iodata.jp/support/information/2018/magicalfinder/ https://jvn.jp/en/jp/JVN36048131/index.html