- Advertisement -
Current Threats
Everus.org 1.0.9 Second Factor RedirectionKernel Live Patch Security Notice LSN-0045-1Warranty Tracking System 11.06.3 SQL InjectionHelpdezk 1.1.1 Shell UploadBudabot 4.0 Denial Of ServiceIntel Rapid Storage Technology User Interface And Driver 15.9.0.1015 DLL HijackingDomainMOD 4.11.01 Cross Site ScriptingMumsoft Easy Software 2.0 Denial Of ServiceUbuntu Security Notice USN-3824-1[local] Linux – Broken uid/gid Mapping for Nested User NamespacesEasy Outlook Express Recovery 2.0 Denial Of Service[webapps] DomainMOD 4.11.01 – Cross-Site Scripting[dos] Mumsoft Easy Software 2.0 – Denial of Service (PoC)[dos] Easy Outlook Express Recovery 2.0 – Denial of Service (PoC)[webapps] Helpdezk 1.1.1 – Arbitrary File UploadVuln: Linux Kernel CVE-2018-18955 Local Privilege Escalation Vulnerability[webapps] Warranty Tracking System 11.06.3 – ‘txtCustomerCode’ SQL Injection[local] PHP 5.2.3 imap (Debian Based) – ‘imap_open’ Disable Functions Bypass[local] Webkit (Safari) – Universal Cross-site ScriptingLinux Broken UID/GID Mapping[local] Webkit (Chome < 61) – 'MHTML' Universal Cross-site Scripting[webapps] EverSync 0.5 – Arbitrary File Download[dos] Notepad3 1.0.2.350 – Denial of Service (PoC)[papers] The Powerful Resource of PHP Stream Wrappers[webapps] Kordil EDMS 2.2.60rc3 – Arbitrary File Upload[webapps] Simple E-Document 1.31 – ‘username’ SQL Injection[webapps] PHP Mass Mail 1.0 – Arbitrary File Upload[webapps] WordPress Plugin Ninja Forms 3.3.17 – Cross-Site Scripting[webapps] 2-Plan Team 1.0.4 – Arbitrary File Upload[webapps] Meneame English Pligg 5.8 – ‘search’ SQL Injection[webapps] PHP-Proxy 5.1.0 – Local File InclusionVuln: Asterisk Open Source Remote Buffer Overflow Vulnerability[webapps] BitZoom 1.0 – ‘rollno’ SQL InjectionVuln: Amazon PayFort payfort-php-SDK Multiple Cross Site Scripting Vulnerabilities[webapps] Net-Billetterie 2.9 – ‘login’ SQL InjectionVuln: Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability[webapps] Galaxy Forces MMORPG 0.5.8 – ‘type’ SQL Injection[webapps] Precurio Intranet Portal 2.0 – Cross-Site Request Forgery (Add Admin)[remote] Atlassian Jira – Authenticated Upload Code Execution (Metasploit)[webapps] Pedidos 1.0 – SQL Injection[webapps] Electricks eCommerce 1.0 – Persistent Cross-Site Scripting[webapps] DoceboLMS 1.2 – SQL Injection / Arbitrary File Upload[dos] Bosch Video Management System 8.0 – Configuration Client Denial of Service (PoC)[webapps] Rmedia SMS 1.0 – SQL Injection[webapps] Dell OpenManage Network Manager 6.2.0.51 SP3 – Multiple Vulnerabilities[webapps] Advanced Comment System 1.0 – SQL InjectionVuln: Siemens SIMATIC Panels Multiple Security Vulnerabilities[local] SwitchVPN for macOS 2.1012.03 – Privilege Escalation[webapps] Surreal ToDo 0.6.1.2 – Local File Inclusion[webapps] Alienor Web Libre 2.0 – SQL InjectionVuln: Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities[local] XAMPP Control Panel 3.2.2 – Buffer Overflow (SEH) (Unicode)Vuln: Dell OpenManage Network Manager CVE-2018-15768 Remote Privilege Escalation Vulnerability[local] ntpd 4.2.8p10 – Out-of-Bounds Read (PoC)Vuln: OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability[webapps] EdTv 2 – ‘id’ SQL InjectionVuln: TIBCO DataSynapse GridServer Manager CVE-2018-12416 Cross Site Request Forgery Vulnerability[dos] AMPPS 2.7 – Denial of Service (PoC)Vuln: Dell OpenManage Network Manager CVE-2018-15767 Authorization Bypass Vulnerability[webapps] Electricks eCommerce 1.0 – Cross-Site Request Forgery (Change Admin Password)[webapps] Helpdezk 1.1.1 – ‘query’ SQL Injection[webapps] iServiceOnline 1.0 – ‘r’ SQL Injection[dos] Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 – Denial of Service[webapps] Musicco 2.0.0 – Arbitrary Directory Download[webapps] Data Center Audit 2.6.2 – Cross-Site Request Forgery (Update Admin)SwitchVPN For MacOS / Windows 2.1012.03 Man-In-The-Middle[webapps] Tina4 Stack 1.0.3 – SQL Injection / Database File DownloadUbuntu Security Notice USN-3817-1[webapps] Tina4 Stack 1.0.3 – Cross-Site Request Forgery (Update Admin)Atlassian Jira Authenticated Upload Code Execution[webapps] Easyndexer 1.0 – Arbitrary File Download[webapps] Silurus Classifieds Script 2.0 – ‘wcategory’ SQL Injection[webapps] ClipperCMS 1.3.3 – Cross-Site Request Forgery (File Upload)Vuln: SAP Fiori Client CVE-2018-2485 Multiple Unspecified Security Vulnerabilities[webapps] Alive Parish 2.0.4 – SQL Injection / Arbitrary File UploadVuln: Microsoft Team Foundation Server CVE-2018-8529 Remote Code Execution Vulnerability[webapps] Webiness Inventory 2.3 – Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)Vuln: SAP Disclosure Management CVE-2018-2487 Arbitrary File Overwrite Vulnerability[webapps] Webiness Inventory 2.3 – SQL InjectionVuln: Adobe Flash Player Out-Of-Bounds Read CVE-2018-15978 Information Disclosure Vulnerability[webapps] SIPve 0.0.2-R19 – SQL InjectionVuln: Adobe Acrobat and Reader CVE-2018-15979 Information Disclosure Vulnerability[webapps] Maitra Mail Tracking System 1.7.2 – SQL Injection / Database File DownloadVuln: SAP Basis CVE-2018-2478 Remote Code Execution Vulnerability[webapps] ABC ERP 0.6.4 – Cross-Site Request Forgery (Update Admin)Vuln: SAP BusinessObjects Business Intelligence CVE-2018-2483 Security Bypass VulnerabilityUbuntu Security Notice USN-3814-1[webapps] Gumbo CMS 0.99 – SQL InjectionVuln: SAP NetWeaver Knowledge Management CVE-2018-2477 XML External Entity Injection VulnerabilityUbuntu Security Notice USN-3815-1[local] xorg-x11-server < 1.20.1 – Local Privilege EscalationVuln: IBM DB2 Multiple Privilege Escalation VulnerabilitiesUbuntu Security Notice USN-3815-2[dos] CuteFTP Mac 3.1 – Denial of Service (PoC)Advanced Comment System 1.0 SQL InjectionNetscape Enterprise 3.63 Cross Site ScriptingVignette Content Management 6 Security BypassDell EMC RecoverPoint Information Disclosure / Resource ConsumptionWordPress WP User Manager 2.0.8 SQL InjectionWordPress PeepSo 1.11.2 SQL Injection

Cyber Watch

- Advertisement -

Deeper Learning

Black Friday alert

FLARE VM Update

IT threat evolution Q3 2018