ATENTIONβΌ New - CVE-2018-19860
π Read
via "National Vulnerability Database".
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19802
π Read
via "National Vulnerability Database".
aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19801
π Read
via "National Vulnerability Database".
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19800
π Read
via "National Vulnerability Database".
aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19465
π Read
via "National Vulnerability Database".
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19462
π Read
via "National Vulnerability Database".
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19461
π Read
via "National Vulnerability Database".
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19452
π Read
via "National Vulnerability Database".
A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19451
π Read
via "National Vulnerability Database".
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.π Read
via "National Vulnerability Database".
π 5 reasons why you should use a password manager π
π Read
via "Security on TechRepublic".
Need a reason to use a password manager? How about five?π Read
via "Security on TechRepublic".
TechRepublic
5 Reasons Why You Should Use a Password Manager
A password manager securely stores and auto-fills passwords. Learn why using a password manager boosts security, saves time, and protects accounts.
π΄ Vulnerability Found in Millions of Email Systems π΄
π Read
via "Dark Reading: ".
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.π Read
via "Dark Reading: ".
Dark Reading
Vulnerability Found in Millions of Email Systems
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.
β Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover β
π Read
via "Threatpost".
Time's up on public disclosure of six serious bugs impacting the vendorβs IPM-721S model security camera.π Read
via "Threatpost".
Threat Post
Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover
Time's up on public disclosure of six serious bugs impacting the vendorβs IPM-721S model security camera.
π΄ Dark Web Becomes a Haven for Targeted Hits π΄
π Read
via "Dark Reading: ".
Malware on the Dark Web is increasingly being customized to target specific organizations and executives.π Read
via "Dark Reading: ".
Darkreading
Dark Web Becomes a Haven for Targeted Hits
Malware on the Dark Web is increasingly being customized to target specific organizations and executives.
ATENTIONβΌ New - CVE-2018-10703
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10702
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10701
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10700
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10699
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10698
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10697
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10696
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.π Read
via "National Vulnerability Database".