Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2018-08-29 http://www.securityfocus.com/bid/105069...
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a...
The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of...
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. Date published : 2018-08-28 https://www.phpmyfaq.de/security/advisory-2014-09-16 http://techdefencelabs.com/security-advisories.html
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. Date published : 2018-08-28 https://www.phpmyfaq.de/security/advisory-2014-09-16 http://techdefencelabs.com/security-advisories.html
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. Date published : 2018-08-28 https://www.phpmyfaq.de/security/advisory-2014-09-16 http://techdefencelabs.com/security-advisories.html
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. Date published : 2018-08-28 https://www.phpmyfaq.de/security/advisory-2014-09-16 http://techdefencelabs.com/security-advisories.html
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens...
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. Date published : 2018-08-28 https://www.phpmyfaq.de/security/advisory-2014-09-16 http://techdefencelabs.com/security-advisories.html
Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php. Date published : 2018-08-28 Changelog...
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Date published : 2018-08-28 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/780484
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Date published : 2018-08-28 http://www.securityfocus.com/bid/102196...
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. Date published : 2018-08-28...
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. Date published : 2018-08-28 https://www.debian.org/security/2017/dsa-4064 https://security.gentoo.org/glsa/201801-03