Description: Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users...
Read More
Description: RoundCube Webmail is prone to multiple privilege escalation vulnerabilities. RoundCube Webmail versions prior to 1.0.11, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5 are vulnerable. Impact: An attackers may exploit these issues to gain elevated privileges. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://www.securityfocus.com/bid/98445/info https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11
Description: The WP Statistics plugin for WordPress is prone to an unspecified cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Impact: An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior...
Read More
Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an...
Read More
Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Impact: A server that relies solely on TSIG keys with no other address-based ACL protection could be vulnerable to malicious...
Read More
