Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.
Category Archives: Security
Security
CVE-2017-7456
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
CVE-2017-7455
Moxa MXView 2.8 allows remote attackers to read web server’s private key file, no access control.
HP Security Bulletin HPESBGN03728 1
HP Security Bulletin HPESBGN03728 1 – Potential security vulnerabilities in OpenSSL have been addressed in HPE Operations Agent. These vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) and/or Unauthorized Access to Data. Revision 1 of this advisory.
Slackware Security Advisory – bind Updates
Slackware Security Advisory – New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.