An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the...
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access. Date published...
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages...
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Date published...
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Date...
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055. Date published :...
The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the...
BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc. Date published : 2018-06-08 http://bird.network.cz https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967
A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file. Date published :...
tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. Date published : 2018-06-08 https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_7953aea
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. Date published : 2018-06-08 https://www.exploit-db.com/exploits/44866/ https://github.com/unh3x/just4cve/issues/2
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. Date published : 2018-06-08 https://www.exploit-db.com/exploits/44874/ https://github.com/unh3x/just4cve/issues/4
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. Date published : 2018-06-08 https://www.exploit-db.com/exploits/44870/ https://github.com/unh3x/just4cve/issues/6
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. Date published : 2018-06-08 https://www.exploit-db.com/exploits/44873/ https://github.com/unh3x/just4cve/issues/3