Current Threats
[local] Any Sound Recorder 2.93 – Buffer Overflow (SEH)
[local] Git Submodule – Arbitrary Code Execution
Vuln: FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
[webapps] BigTree CMS 4.2.23 – Cross-Site Scripting
Vuln: OpenSSL CVE-2018-0739 Denial of Service Vulnerability
[remote] FLIR AX8 Thermal Camera 1.32.16 – Hard-Coded Credentials
Vuln: FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
[webapps] Time and Expense Management System 3.0 – Cross-Site Request Forgery (Add Admin)
Vuln: Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
Vuln: RESTEasy Incomplete Fix XML Entity References Information Disclosure Vulnerability
Vuln: Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
Vuln: Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
Vuln: Oracle WebLogic Server Multiple Remote Security Vulnerabilities
Vuln: Oracle Java SE/Java SE Embedded CVE-2018-3211 Local Security Vulnerability
[webapps] Navigate CMS 2.8.5 – Arbitrary File Download
[dos] Microsoft Windows – ‘FSCTL_FIND_FILES_BY_SID’ Information Disclosure
[local] Solaris – RSH Stack Clash Privilege Escalation (Metasploit)
[local] VLC Media Player – MKV Use-After-Free (Metasploit)
[webapps] Library CMS 2.1.1 – Cross-Site Scripting
Ubuntu Security Notice USN-3792-2
[webapps] GIU Gallery Image Upload 0.3.1 – ‘category’ SQL Injection
Vuln: SAP Plant Connectivity Multiple Denial of Service Vulnerabilities
Microsoft Windows FSCTL_FIND_FILES_BY_SID Information Disclosure
[webapps] Heatmiser Wifi Thermostat 1.7 – Credential Disclosure
[webapps] Vishesh Auto Index 3.1 – ‘fid’ SQL Injection
[webapps] WordPress Plugin Support Board 1.2.3 – Cross-Site Scripting
[webapps] Rukovoditel Project Management CRM 2.3 – ‘path’ SQL Injection
[webapps] MV Video Sharing Software 1.2 – ‘searchname’ SQL Injection
[webapps] Kados R10 GreenBee – ‘release_id’ SQL Injection
[webapps] HotelDruid 2.2.4 – ‘anno’ SQL Injection
[papers] [Hebrew] Digital Whisper Security Magazine #98
[papers] [Hebrew] Digital Whisper Security Magazine #99
Academic Timetable Final Build 7.0b Cross Site Request Forgery
[webapps] Centos Web Panel 0.9.8.480 – Multiple Vulnerabilities
College Notes Management System 1.0 SQL Injection
[remote] NoMachine < 5.3.27 – Remote Code Execution
MaxOn ERP Software 8.x / 9.x SQL Injection
[webapps] Academic Timetable Final Build 7.0 – Information Disclosure
[webapps] KORA 2.7.0 – ‘cid’ SQL Injection
Centos Web Panel 0.9.8.480 XSS / LFI / Code Execution
Advanced HRM 1.6 Remote Code Execution
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 RTSP Stream Disclosure
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Arbitrary File Disclosure
Ubuntu Security Notice USN-3790-1
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
[webapps] FLIR AX8 Thermal Camera 1.32.16 – Arbitrary File Disclosure
FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure
[webapps] FLIR Brickstream 3D+ 2.1.742.1842 – Config File Disclosure
Vuln: IBM DB2 CVE-2017-1452 Local Privilege Escalation Vulnerability
Solaris RSH Stack Clash Privilege Escalation
[webapps] Academic Timetable Final Build 7.0b – Cross-Site Request Forgery (Add Admin)
Vuln: Multiple IBM DB2 Products CVE-2017-1438 Local Privilege Escalation Vulnerability
[webapps] AlchemyCMS 4.1 – Cross-Site Scripting
Vuln: IBM DB2 Products CVE-2017-1519 Denial of Service Vulnerability
[webapps] FLIR AX8 Thermal Camera 1.32.16 – Remote Code Execution
Vuln: Multiple IBM DB2 CVE-2017-1105 Local Buffer Overflow Vulnerability
[webapps] FLIR Brickstream 3D+ – RTSP Stream Disclosure
Vuln: IBM DB2 CVE-2017-1677 Local Arbitrary Code Execution Vulnerability
[webapps] College Notes Management System 1.0 – ‘user’ SQL Injection
Vuln: IBM DB2 CVE-2018-1428 Local Information Disclosure Vulnerability
[webapps] MaxOn ERP Software 8.x-9.x – ‘nomor’ SQL Injection
Vuln: IBM DB2 CVE-2018-1448 Local Privilege Escalation Vulnerability
[webapps] FLIR AX8 Thermal Camera 1.32.16 – RTSP Stream Disclosure
[webapps] Advanced HRM 1.6 – Remote Code Execution
[local] Snes9K 0.0.9z – Buffer Overflow (SEH)
[webapps] Academic Timetable Final Build 7.0a-7.0b – ‘id’ SQL Injection
HaPe PKH 1.1 SQL Injection
Cockpit CMS CSRF / XSS / Path Traversal
Phoenix Contact WebVisit 2985725 Authentication Bypass
Teltonika RUT9XX Unauthenticated OS Command Injection
D-Link DSL-2640T Cross Site Scripting
HaPe PKH 1.1 Cross Site Request Forgery
Teltonika RUT9XX Missing Access Control To UART Root Terminal
HaPe PKH 1.1 Shell Upload
Teltonika RUT9XX Reflected Cross Site Scripting
SugarCRM 6.5.26 Cross Site Scripting
[webapps] HaPe PKH 1.1 – ‘id’ SQL Injection
Ubuntu Security Notice USN-3791-1
[webapps] HaPe PKH 1.1 – Arbitrary File Upload
NoMachine 5.3.26 Remote Code Execution
[webapps] FluxBB < 1.5.6 – SQL Injection
[webapps] SugarCRM 6.5.26 – Cross-Site Scripting
Vuln: Oracle October 2018 Critical Patch Update Multiple Vulnerabilities
[webapps] Phoenix Contact WebVisit 2985725 – Authentication Bypass
[webapps] HaPe PKH 1.1 – Cross-Site Request Forgery (Update Admin)
[webapps] CAMALEON CMS 2.4 – Cross-Site Scripting
[webapps] LUYA CMS 1.0.12 – Cross-Site Scripting
Vuln: Multiple Siemens Products CVE-2017-12069 XML External Entity Injection Vulnerability
Vuln: SAP HANA CVE-2018-2465 Denial of Service Vulnerability
LUYA CMS 1.0.12 Cross Site Scripting
CAMALEON CMS 2.4 Cross Site Scripting
Wireshark Analyzer 2.6.4
Ubuntu Security Notice USN-3789-1
Ubuntu Security Notice USN-3788-1
[webapps] WAGO 750-881 01.09.18 – Cross-Site Scripting
[webapps] E-Registrasi Pencak Silat 18.10 – ‘id_partai’ SQL Injection
[webapps] Microsoft SQL Server Management Studio 17.9 – XML External Entity Injection
Vuln: OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
[webapps] jQuery-File-Upload 9.22.0 – Arbitrary File Upload
