CVE-2018-13981
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer...
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. Date published : 2018-07-16 https://www.exploit-db.com/exploits/45016/...
Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text,...
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version...
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled. Date published : 2018-07-16...
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD...
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of...
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user’s gpg key. This attack...
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the...
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. Date published : 2018-07-16 http://www.securityfocus.com/bid/104858 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to...
Command injection vulnerability in SSH of QNAP Q’center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Date published : 2018-07-16 https://www.securityfocus.com/archive/1/542141/100/0/threaded https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
Command injection vulnerability in date of QNAP Q’center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Date published : 2018-07-16 https://www.securityfocus.com/archive/1/542141/100/0/threaded https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
Command injection vulnerability in networking of QNAP Q’center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Date published : 2018-07-16 https://www.securityfocus.com/archive/1/542141/100/0/threaded https://www.qnap.com/zh-tw/security-advisory/nas-201807-10