In libsndfile before 1.0.28, an error in the “flac_buffer_copy()” function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
Category Archives: Security
Security
CVE-2017-7584
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
CVE-2016-6805
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
CVE-2017-7581
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
CVE-2017-7583
ILIAS before 5.2.3 has XSS via SVG documents.
Carlo Gavazzi VMUC-EM – Multiple Vulnerabilities
Posted by Karn Ganeshen on Apr 07
*VMU-C Web-Server solution for photovoltaic applications*
VMU-C EM is a data logger system for small to medium projects, VMUC-Y EM is
a hardware data aggregator for medium to larger projects and Em2 Server is
a software solution for large projects. They are designed to complement the
extensive line of Carlo Gavazzi energy meters and current transformers.
*ICS-CERT advisory*
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03
*CVE-IDs*…
Cambium SNMP Security Vulnerabilities
Posted by Karn Ganeshen on Apr 07
Cambium SNMP Security Vulnerabilities
AFFECTED PRODUCTS
Cambium ePMP 1000
Cambium ePMP 2000
Cambium PMP XXX
Cambium ForceXXX models
Potentially all other models
IMPACT
These vulnerabilities may allow an attacker to access device configuration
as well as make unauthorized changes to the device configuration.
Disclosure Timelines
First reported to ICS-CERT – Sep 12, 2017
Latest vendor response – Apr 5, 2017
Fix planned for Q2 2017
Public…
SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities
Posted by Karn Ganeshen on Apr 07
SenNet Data Logger appliances and Electricity Meters Multiple
Vulnerabilities
Note: Vendor has released the fix. Details to be documented in ICS-CERT
Advisory.
About
SenNet is a trademark of Satel Spain that offers monitoring and
remote-control solutions for businesses. Our engineers develop, integrate
and test the products of SenNet in our facilities in Madrid (Spain)….
CVE Request:CSRF in wordpress copysafe web allows attacker changes plugin settings
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE ID,thank you!;
Details
=======
Software:CopySafe Web
version:<2.6
description:Add copy protection from PrintScreen and screen capture. Copysafe Web uses encrypted images and domain lock
to extend copy protection for all media displayed on a web page.
========
Description
==========
CSRF in wordpress copysafe web allows attacker changes plugin settings
========
POC:
=======
<form…
CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers to delete any wordpress users and change plugins status
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE id, thank you!
Details
======
Software: WordPress WHIZZ
Version: <1.1.1
Homepage: https://wordpress.org/plugins/whizz/
=======
Description
================
Get type CSRF in WordPress WHIZZ allows attackers to delete any wordpress users and change plugins status
POC:
========
include in the page ,then attack will occur:
delete user:
<img
src=”…