NuytsTech Security

Monthly Archive: February 2019

CVE-2018-16484

A XSS vulnerability was found in module m-server

CVE-2018-16483

A deficiency in the access control in module express-cart

CVE-2018-16482

A server directory traversal vulnerability was found on node module mcstatic

CVE-2018-16481

A XSS vulnerability was found in html-page

CVE-2018-16480

A XSS vulnerability was found in module public

CVE-2018-16479

Path traversal vulnerability in http-live-simulator

CVE-2018-15617

A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to...

CVE-2018-0722

Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on...

CVE-2019-7308

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. Date...

CVE-2019-7300

Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line...

CVE-2019-7298

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API...