NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface. Date published...
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to...
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via...
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. Date published : 2018-06-22 http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. Date published : 2018-06-22 http://www.securityfocus.com/bid/104542 http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory2.asc
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. Date published : 2018-06-22 https://www.exploit-db.com/exploits/44926/
tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. Date published : 2018-06-22 https://github.com/syoyo/tinyexr/issues/83
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. Date published : 2018-06-22 https://github.com/syoyo/tinyexr/issues/84
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. Date published : 2018-06-22 https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552 https://github.com/civetweb/civetweb/issues/633
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. Date...
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. Date published : 2018-06-22 https://github.com/slims/slims8_akasia/issues/103
Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. Date published : 2018-06-22 https://github.com/slims/slims8_akasia/issues/102
Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. Date published : 2018-06-22 https://github.com/slims/slims8_akasia/issues/101
Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. Date published : 2018-06-22 https://github.com/slims/slims8_akasia/issues/100