This Microsoft bulletin summary holds CVE revision updates for CVE-2018-0886.
e51ebd197ea6a292972cc283deb6e290bab81dfbce17b6d2d413f7c14e85a8b2
Healwire Online Pharmacy version 3.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
d75f3d0a19ce67c0ef4401d10592229ac751786b152c2e7cabc741a21e511fcf
This Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability, in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities that allow an unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP ports 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).
b166549e96ca5f700cae312fff860951240a2ec47a3b5fe73610d4185f4d4fe2
SAP B2B / B2C CRM versions 2.x up to 4.x suffer from a local file inclusion vulnerability.
ae7ab9be834c282d69881f8e350f361caaaf89295f22264b998875dfa369022a
DynoRoot DHCP suffers from a client command injection vulnerability.
5ca224367e09bcb54946694a4e955350bd0b8206e2c1cdc3387b1ce19848a17d
Infinity Market Classified Ads Script version 1.6.2 suffers from a cross site request forgery vulnerability.
ab26e912992453bc9325a8cecb3a72fd0d60253c3b36863f4a593e0dec2d237e
Prime95 version 29.4b8 SEH buffer overflow exploit.
6f24980aab953056ab8e8361cfbf81fc456ecccd33ff8c00cd84a4bf9c17cc97
Cisco SA520W Security Appliance suffers from a path traversal vulnerability.
afb1a6c7670d56bdc88e35d408381f90b8a962147c6db0ddc5bfc2888ed9088e
Multiple Siemens SIMATIC panels suffer from cross site request forgery and cross site scripting vulnerabilities.
da0552546acfe55d2b43aca2a3821b58dfac3d6a8a188c97da184d13ae5d5031
Linux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.
50d39995adad3a015a3b94c0d7b5e9f1f194e700f189b736aefca07019347f73
Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks, but the class follows the linked list instead of the control flow. This may lead to bound checks being incorrectly removed.
fb86d007c56bfd6ada33e174da508e6d677ad9d0597953bd1d8e6d7694634532
MagniComp SysInfo contains an information exposure vulnerability through debug functionality.
879a6ff414ac55de6ca9ce6b7ca2e8ee7838c3d369cadf9baf7679892f4ab20e
Debian Linux Security Advisory 4203-1 - Hans Jerry Illikainen discovered a type conversion vulnerability in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
1551e89b8993803da7f58d5c3f2ab720f8b71d5d221d8e6b3af8d252bf6dbd8a
SAP NetWeaver Web Dynpro versions 6.4 up to 7.5 suffer from an information disclosure vulnerability.
3eb279b49f6fddd1bba5f098d3df639d8a0af8406c0289711d827d2153bf6a3c
Monstra CMS versions prior to 3.0.4 suffer from a cross site scripting vulnerability.
3410f862ca031b157092e8f4e9143df9bb21b1ec6656c71a5595567cf7fac5bc