CVE-2018-11404
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. Date published : 2018-05-24 https://www.exploit-db.com/exploits/44783/ https://github.com/domainmod/domainmod/issues/63
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. Date published : 2018-05-24 https://www.exploit-db.com/exploits/44782/ https://github.com/domainmod/domainmod/issues/63
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. Date published : 2018-05-24 https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf https://www.simpleorsecure.net/simplisafe-security-advisory/
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. Date published : 2018-05-24 https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf https://www.simpleorsecure.net/simplisafe-security-advisory/
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. Date published : 2018-05-24 https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf https://www.simpleorsecure.net/simplisafe-security-advisory/
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur. Date published : 2018-05-24 https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf https://www.simpleorsecure.net/simplisafe-security-advisory/
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site...
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL...
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA,...
curl versions 7.20.0 to and including 7.59.0 contain a CWE-126: Buffer Over-read vulnerability that can result in denial of service: curl can be tricked into reading data beyond the end of...
curl versions 7.54.1 to and including 7.59.0 contain a CWE-122: Heap-based Buffer Overflow vulnerability that can result in denial of service and more: curl might overflow a heap based memory buffer...
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in a crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability...
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in the OpenFlow handshake: the DPID (DataPath IDentifier) in the features_reply message is inherently trusted by the controller, which can result in...
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file....