security.didici.cc

CVE-2018-6883

16 hours ago

Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.

CVE-2018-7453

1 day ago

Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.

CVE-2018-7454

1 day ago

A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

CVE-2018-7452

1 day ago

A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

CVE-2018-7455

1 day ago

An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

CVE-2017-18198

1 day ago

print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.

CVE-2018-7456

1 day ago

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPr ...

CVE-2017-18199

1 day ago

realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.

CVE-2018-7434

1 day ago

zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.

CVE-2018-7447

1 day ago

mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable.

CVE-2017-18197

1 day ago

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

CVE-2017-14884

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.

CVE-2017-14910

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overread is possible if there are no newlines in an input file.

CVE-2018-1305

1 day ago

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply t ...

CVE-2017-15861

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.

CVE-2017-17764

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculatio ...

CVE-2017-15860

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.

CVE-2017-15829

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.

CVE-2017-15817

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.

CVE-2017-15862

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulner ...

CVE-2017-17765

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer ...

CVE-2017-15518

1 day ago

All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgra ...

CVE-2017-17767

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.

CVE-2017-15820

1 day ago

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.

CVE-2018-7333

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.

CVE-2018-7443

1 day ago

The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory functio ...

CVE-2018-7417

1 day ago

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.

CVE-2018-7332

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.

CVE-2018-7419

1 day ago

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.

CVE-2018-7336

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.

CVE-2018-7418

1 day ago

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.

CVE-2018-7335

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.

CVE-2018-7337

1 day ago

In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.

CVE-2018-7421

1 day ago

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.

CVE-2018-7334

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.

CVE-2018-7331

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.

CVE-2018-7330

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.

CVE-2018-7420

1 day ago

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.

CVE-2018-7327

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.

CVE-2018-7321

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.

CVE-2018-7320

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.

CVE-2017-16769

1 day ago

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.

CVE-2018-7322

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.

CVE-2018-7323

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.

CVE-2018-7325

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.

CVE-2018-7328

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.

CVE-2018-7329

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.

CVE-2018-7326

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.

CVE-2018-7324

1 day ago

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.

CVE-2018-7438

1 day ago

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.

CVE-2018-7437

1 day ago

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.

CVE-2018-7441

1 day ago

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in pr ...

CVE-2018-7436

1 day ago

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.

CVE-2018-7435

1 day ago

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.

CVE-2018-7439

1 day ago

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.

CVE-2017-18196

1 day ago

Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper ...

CVE-2018-7440

1 day ago

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.

CVE-2018-7442

1 day ago

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.

CVE-2018-6859

1 day ago

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.

CVE-2012-6709

1 day ago

ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.

CVE-2014-3205

1 day ago

backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '[email protected]##$$%FREDESWWSED' for a backdoor user.

CVE-2014-3206

1 day ago

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.

CVE-2018-6764

1 day ago

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

CVE-2018-0519

1 day ago

Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-0518

1 day ago

LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2018-0520

1 day ago

Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.

CVE-2018-7339

1 day ago

The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibl ...

CVE-2018-6866

1 day ago

Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message.

CVE-2018-6867

1 day ago

Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.

CVE-2018-6868

1 day ago

Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.

CVE-2018-6488

2 days ago

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

CVE-2018-6489

2 days ago

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)

CVE-2018-0015

2 days ago

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormi ...

CVE-2018-7318

2 days ago

SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.

CVE-2018-7319

2 days ago

SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.

CVE-2018-7316

2 days ago

Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.

CVE-2018-7317

2 days ago

Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.

CVE-2018-7315

2 days ago

SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.

CVE-2018-7314

2 days ago

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

CVE-2018-7312

2 days ago

SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.

CVE-2018-7301

2 days ago

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.

CVE-2018-7300

2 days ago

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited ...

CVE-2018-7298

2 days ago

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a priv ...

CVE-2018-7299

2 days ago

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.

CVE-2018-7296

2 days ago

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthen ...

CVE-2018-7297

2 days ago

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attacker ...

CVE-2018-6890

2 days ago

Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3.

CVE-2018-1417

2 days ago

Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes for Java Technology 6.0, 6.1, 7.0, 7.1, and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.

CVE-2018-1415

2 days ago

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...

CVE-2018-1414

2 days ago

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 1388 ...

CVE-2018-1391

2 days ago

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376.

CVE-2018-1392

2 days ago

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377.

CVE-2018-7408

2 days ago

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allo ...

CVE-2018-7409

2 days ago

In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.

CVE-2017-18194

2 days ago

SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.

CVE-2017-5250

2 days ago

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

CVE-2017-5249

2 days ago

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

CVE-2017-5251

2 days ago

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

CVE-2017-18193

2 days ago

fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.

CVE-2018-7313

2 days ago

SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.