Monthly Archive: June 2019

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature’s use of Save.cgi to execute a ping command, as exploited in the wild in...

** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional." Date published : 2019-06-18 https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca https://github.com/netdata/netdata/pull/4521

An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. Date published : 2019-06-18 https://github.com/netdata/netdata/pull/4521 https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. Date published : 2019-06-18 https://github.com/netdata/netdata/pull/4521 https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L367-L370

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. Date published : 2019-06-18 https://github.com/netdata/netdata/pull/4521 https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L388

The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit. Date published : 2019-06-18 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45718

A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a...

OX App Suite 7.10.1 and earlier allows Information Exposure. Date published : 2019-06-18 https://www.open-xchange.com/

An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter. Date published : 2019-06-18 Home

IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM...

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. Date published : 2019-06-18 https://www.tenable.com/security/research/tra-2019-28

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. Date published : 2019-06-18 https://www.tenable.com/security/research/tra-2019-17

A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial...

i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl...