Monthly Archive: April 2018

In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. Date published : 2018-04-18 https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/

A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action...

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user’s browser via a playlist. Date published : 2018-04-18...

Mautic before 2.13.0 allows CSV injection. Date published : 2018-04-18 https://github.com/mautic/mautic/releases/tag/2.13.0

Mautic before v2.13.0 has stored XSS via a theme config file. Date published : 2018-04-18 https://github.com/mautic/mautic/releases/tag/2.13.0

A vulnerability exists in the web services to process SOAP requests in Schneider Electric’s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow. Date published : 2018-04-18...

A vulnerability exists in the HTTP request parser in Schneider Electric’s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Date published : 2018-04-18 https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/

An authorization bypass vulnerability exists in Schneider Electric’s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. Date published : 2018-04-18 https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/

A buffer overflow vulnerability exists in Schneider Electric’s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer...

A denial of service vulnerability exists in Schneider Electric’s MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in...

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric’s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices...

An improper authorization vulnerability exists In Schneider Electric’s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a...

An information disclosure vulnerability exists In Schneider Electric’s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a...

An authorization bypass vulnerability exists In Schneider Electric’s 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a...