Monthly Archive: February 2018

Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. Date published : 2018-02-01 https://github.com/dignajar/nibbleblog/issues/120

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute...

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x...

Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Date published : 2018-02-01 https://plugins.trac.wordpress.org/changeset/1802137/#file1 https://jvn.jp/en/jp/JVN30636823/index.html

Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors. Date published : 2018-02-01 http://dbit.web.fc2.com/ https://jvn.jp/en/jp/JVN91393903/index.html

Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. Date published : 2018-02-01 http://dbit.web.fc2.com/ https://jvn.jp/en/jp/JVN91393903/index.html

Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Date published : 2018-02-01 http://dbit.web.fc2.com/ https://jvn.jp/en/jp/JVN91393903/index.html