The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2018-10310

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim\'s browser.

04/25/2018

CVE-2017-7652

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.

04/25/2018

CVE-2017-1750

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.

04/25/2018

CVE-2017-12716

Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

04/25/2018

CVE-2017-12714

Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

04/25/2018

CVE-2017-12712

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

04/25/2018

CVE-2017-17557

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.

04/24/2018

CVE-2013-7245

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.

04/24/2018

CVE-2013-3947

Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.

04/24/2018

CVE-2017-17557

In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.

04/24/2018

CVE-2013-7245

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.

04/24/2018

CVE-2013-3947

Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.

04/24/2018

CVE-2018-9131

Reaper 5.78 suffers from a local buffer overflow that allows code execution.

04/24/2018

CVE-2018-9060

R 3.4.4 suffers from a local buffer overflow that allows code execution.

04/24/2018

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone.

04/24/2018

CVE-2018-7931

Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism.

04/24/2018

CVE-2018-4832

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions<V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions<SIMATIC BATCH V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions<SIMATIC BATCH V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions<V9.0 SP1), SIMATIC NET PC-Software (All versions), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions<V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions<V9.0 Upd1), SIMATIC WinCC Runtime Professional (All versions<V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions<WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions<V7.4 SP1 Upd4). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality.

04/24/2018

CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.

04/24/2018

CVE-2018-1059

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

04/24/2018

CVE-2017-9656

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

04/24/2018

Security News 81 - 100 of 131411
First | Prev. | 3 4 5 6 7 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit &quot;mbae.sys&quot;

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015