Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
Category Archives: Security
Security
CVE-2017-7586
In libsndfile before 1.0.28, an error in the “header_read()” function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-2016-6805
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
CVE-2017-7581
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
CVE-2017-7583
ILIAS before 5.2.3 has XSS via SVG documents.
Cambium SNMP Security Vulnerabilities
Posted by Karn Ganeshen on Apr 07
Cambium SNMP Security Vulnerabilities
AFFECTED PRODUCTS
Cambium ePMP 1000
Cambium ePMP 2000
Cambium PMP XXX
Cambium ForceXXX models
Potentially all other models
IMPACT
These vulnerabilities may allow an attacker to access device configuration
as well as make unauthorized changes to the device configuration.
Disclosure Timelines
First reported to ICS-CERT – Sep 12, 2017
Latest vendor response – Apr 5, 2017
Fix planned for Q2 2017
Public…
SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities
Posted by Karn Ganeshen on Apr 07
SenNet Data Logger appliances and Electricity Meters Multiple
Vulnerabilities
Note: Vendor has released the fix. Details to be documented in ICS-CERT
Advisory.
About
SenNet is a trademark of Satel Spain that offers monitoring and
remote-control solutions for businesses. Our engineers develop, integrate
and test the products of SenNet in our facilities in Madrid (Spain)….
CVE Request:CSRF in wordpress copysafe web allows attacker changes plugin settings
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE ID,thank you!;
Details
=======
Software:CopySafe Web
version:<2.6
description:Add copy protection from PrintScreen and screen capture. Copysafe Web uses encrypted images and domain lock
to extend copy protection for all media displayed on a web page.
========
Description
==========
CSRF in wordpress copysafe web allows attacker changes plugin settings
========
POC:
=======
<form…
CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers to delete any wordpress users and change plugins status
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE id, thank you!
Details
======
Software: WordPress WHIZZ
Version: <1.1.1
Homepage: https://wordpress.org/plugins/whizz/
=======
Description
================
Get type CSRF in WordPress WHIZZ allows attackers to delete any wordpress users and change plugins status
POC:
========
include in the page ,then attack will occur:
delete user:
<img
src=”…
CVE Request:Mutiple CSRF vulnerabilities in e107 CMS 2.1.4
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE ID with some issues of e107 CMS.
==========================
Title:Mutiple CSRF vulnerabilities in e107 CMS 2.1.4
Author:Zhiyang Zeng
Product:
—————
e107 is a powerful website content management system designed for bootstrap v3 from http://e107.org/get-started
—————
Fix
—————
Fixed in git source code…