A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. Date published : 2018-06-18 http://www.securityfocus.com/bid/104496 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01–security-notice-for-ca-privileged-access-manager.html
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. Date published : 2018-06-18 http://www.securityfocus.com/bid/104496 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01–security-notice-for-ca-privileged-access-manager.html
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. Date published : 2018-06-18 http://www.securityfocus.com/bid/104496 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01–security-notice-for-ca-privileged-access-manager.html
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. Date published : 2018-06-18 http://www.securityfocus.com/bid/104496 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01–security-notice-for-ca-privileged-access-manager.html
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. Date published : 2018-06-18 http://www.securityfocus.com/bid/104496 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01–security-notice-for-ca-privileged-access-manager.html
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. Date published : 2018-06-18 http://www.securityfocus.com/bid/104496 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01–security-notice-for-ca-privileged-access-manager.html
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). Date published :...
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. Date published : 2018-06-18 https://wordpress.org/plugins/quick-chat/#developers
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. Date...
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource’s resource request, aka RF-14309. Date published : 2018-06-18...
An issue was discovered in MetInfo 6.0.0. installindex.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. Date published : 2018-06-18 https://github.com/summ3rf/Vulner/blob/master/Metinfo.md
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. Date published : 2018-06-18 https://github.com/summ3rf/Vulner/blob/master/Metinfo.md
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. Date published : 2018-06-18 https://www.exploit-db.com/exploits/44910/ https://pastebin.com/eA5tGKf0
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. Date published : 2018-06-18 https://www.exploit-db.com/exploits/44910/ https://pastebin.com/eA5tGKf0