Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-2790 — Justsystems Ichitaro: This results in a heap-based buffer overflow and can lead to code execution under
When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. CVSSv3.1 8.8 (HIGH)
CVE-2017-2789 — Justsystems Ichitaro: This value is larger than the buffer size, which leads to a heap-based buffer
When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writ CVSSv3.1 8.8 (HIGH)
CVE-2016-9975 — Ibm Dashboard_application_services_hub: Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. CVSSv3.1 8.8 (HIGH)
CVE-2016-8974 — Ibm Rational_rhapsody_design_manager: Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. CVSSv3.1 8.1 (HIGH)
CVE-2017-6205 — Dlink Websmart_dgs-1510_series_firmware: D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware befor
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6187 — Disksavvy Disksavvy_enterprise: Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-1245 — Quagga Quagga: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5586 — Opentext Documentum_d2: Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5585 — Opentext Documentum_content_server: Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520. CVSSv3.1 8.8 (HIGH)
CVE-2016-9400 — Teeworlds Teeworlds: The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9684 — Dell Sonicwall_secure_remote_access_server: The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitatio CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9683 — Dell Sonicwall_secure_remote_access_server: The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filen CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9682 — Dell Sonicwall_secure_remote_access_server: The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system() CVSSv3.1 9.8 (CRITICAL)
CVE-2017-3837 — Cisco Meeting_server: An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting
An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid se CVSSv3.1 8.1 (HIGH)
CVE-2017-3835 — Cisco Identity_services_engine_software: A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). CVSSv3.1 8.8 (HIGH)
CVE-2017-2684 — Siemens Simatic_logon: SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. CVSSv3.1 9.0 (CRITICAL)
CVE-2016-9053 — Aerospike Database_server: An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of
An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9051 — Aerospike Database_server: An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6127 — Digisol Dg-hr1400_firmware: Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. CVSSv3.1 8.8 (HIGH)
CVE-2017-6095 — Mail-masta_project Mail-masta: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6070 — Cmsmadesimple Form_builder: CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5959 — Metalgenix Genixcms: CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges.
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9315 — Trendmicro Interscan_web_security_virtual_appliance: Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737. CVSSv3.1 8.8 (HIGH)
CVE-2016-9269 — Trendmicro Interscan_web_security_virtual_appliance: Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737. CVSSv3.1 9.9 (CRITICAL)
CVE-2017-2373 — Apple Tvos: It allows remote attackers to execute arbitrary code or cause a denial of service
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVSSv3.1 8.8 (HIGH)