CVE-2018-12632

Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.

Leave a comment Continue Reading →

CVE-2018-12631

Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.

Leave a comment Continue Reading →

CVE-2018-12630

NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.

Leave a comment Continue Reading →

CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the “$cfg[‘AllowArbitraryServer’] […]

Leave a comment Continue Reading →

CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Leave a comment Continue Reading →

CVE-2018-12581

An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

Leave a comment Continue Reading →

CVE-2018-12617

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the […]

Leave a comment Continue Reading →

CVE-2018-7683

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

Leave a comment Continue Reading →

CVE-2018-7679

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.

Leave a comment Continue Reading →

CVE-2018-7680

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.

Leave a comment Continue Reading →