Description: Vanilla Forums software (including the latest stable version of 2.3 in its default configuration) is affected by * Host Header Injection CVE-2016-10073 which can be exploited by unauthenticated remote attackers to potentially intercept password reset hash and gain unauthorized access to the victim account or perform web-cache poisoning attacks. Impact: With victim user interaction, attacker could potentially intercept the password reset hash. This vulnerability...
Read More
Description: LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. Impact: As an impact it is known to affect confidentiality, integrity, and availability. Mitigation: Updates are available. Please see the references for more information. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8358 https://www.libreoffice.org/about-us/security/advisories/ https://security-tracker.debian.org/tracker/CVE-2017-8358 https://access.redhat.com/security/cve/cve-2017-8358 https://bugzilla.redhat.com/show_bug.cgi?id=1447279 https://www.suse.com/security/cve/CVE-2017-8358/
Description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7. Impact: An SQL injection flaw that allows attackers to execute custom SQL code on affected systems and take over vulnerable sites. Mitigation: Upgrade to version 3.7.1. Please check specific vendor advisory...
Read More
Description: WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of...
Read More
Description: Microsoft Windows SMB Server is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Related CVE’s: CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148 Vulnerable Versions: Microsoft Windows Vista x64 Edition Service Pack 2 Microsoft Windows Vista Service Pack 2 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012...
Read More
