WordPress Feed-Statistics plugin versions 4.1 and below suffer from an open redirection vulnerability.
e5273a79600b57aa31dd4d83857b93923ae02c05119a8525daf5039584d5501c
WordPress Grifus theme version 4.0.1 suffers from a cross site scripting vulnerability.
e9afb3cf60c90dfd8072595f8efd0b8b44b80320c8f00ad18b4c3c3d7b284f3c
Netis-WF2419 version 2.2.36123 suffers from an HTML injection issue.
f2032ecfed04b20aaea0167b0a5594b0bba665f9b37b8220d3ddc6c7474cce7e
BEIMS ContractorWeb version 5.18.0.0 suffers from a remote SQL injection vulnerability.
4e9c588be370b4062d5e0613f8a0132ec3ff17ae983e1a82876eaab238383a6f
This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.
453452b6c39fc4137d17372c00e57358247a6b6b2880964c69ec6f1e59572af4
It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.
d98ff684017e5e946a7321065ff44ae71f7be8af943150e911e3bcb6d1916735
Red Hat Security Advisory 2017-3490-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
063aa42d2af5b317a96e97efaea11552d50af6f7771cc01899ff970dc90a99c4
Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.
ca7402f15984a9fbec8de52f641b9a0f24e69d0bbb83ed78265dea987fe28a4e
WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability.
ceebba5fe05822f2aed40f89dcf1eae396edc70cb0cce7c3a2bef71dbd85c27d
WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.
5ebc96aa13a10adda66518346705b8e9024837bd689de7ed6a5a146a5ade57af
WordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.
5139d3b7007de8de1d23c142524608fdb64d444d2503253eff3624ff9362d9d2
TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.
7330f87f7a3667cb6fa598a2593142faa0353408372b85307781681e8b6ed07f
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.
646173f5e81a1f63cb65e0e58738fb57ac62c8835c609e27e0a0a795b6dbd637
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.
ae6b1807725083901c6a9501a476db389ad391985032e1b233e714bc82349172
WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.
491e52f7852755e7029e0188400d67003a5d9a69543fdd91e42c7ab58563697f
EMC Isilon OneFS requires a security update to address an issue that may potentially allow NFS clients to access certain NFS exports using a weaker authentication flavor when default NFS export settings are modified.
2742a8ffcef95a8e023a78f43f34950ad54b1bba89d6fe49410cccd2cfc50ddf
EMC Data Domain DD OS includes a memory overflow vulnerability in the SMB1 handler. Many versions are affected.
6374f5d7456b80eb09d37970db7dadebea51f50a17d57d392e6ff189cbc5fee8
Vulnerabilities were identified in the iStar Ultra and IP-ACM boards offered by Software House. The communications between the IP-ACM and the iStar Ultra are encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.
204786b1402fdbec34ba89ae4fe9ceed678dd3d6096ef0880cd0a2f1ff6cb00d
Genexis GAPS versions up to 7.2 suffer from an access control vulnerability that discloses sensitive data.
655a32ed49ee22745ac8ca02bd5c3c53a21a5bfbaacf074229b041503865e94a
This advisory describes a buffer overflow found in Huawei P8 Lite ALE-21 HI621sft, operating system versions EMUI 3.1 - wkupccpu debugfs driver.
d40d38e0a9f14578c574f26fe0869def5ba0555d6b646ec1c96d3aea5c4ed0ce
B-Sides Ljubljana will be held March 10th, 2018 in Ljubljana, Slovenia.
75dbe608b259f7af46e607005c25a461191ae85ac18fc61d3d7cca58690f0231
Microsoft Windows 10 offers a biometric authentication mechanism using "near infrared" face recognition technology with specific Windows Hello compatible cameras. Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows Hello face authentication via a simple spoofing attack using a modified printed photo of an authorized person.
a28797336445a321ee3b9f535cf1f6527d20a26299595c9bcfc659a304c665cd
Palo Alto Networks PAN-OS versions before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allow remote attackers to execute arbitrary code via vectors involving the management interface.
7be48f21d06d8e8fb84d281ea3b5bbbd64537ad06a4e2cece5e4add5ee476653
Joomla! NextGen Editor component version 2.1.0 suffers from a remote SQL injection vulnerability.
52af61736d740de8c66194d01206bf54c6c6ef4d9a32676a8ae038bc8e9120a3
BrightSign Digital Signage suffers from cross site scripting, directory traversal, and file upload vulnerabilities.
678a401a7541d4d0addd1eeaee281beaed46829a9f840998ee351e02911c92dd