Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27200 of 28220

CVE-2017-11494

Posted by Cyberthreat Blog | Aug 2, 2017 | CVE Notifications |

SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.

Attacking NoSQL applications (part 2), (Wed, Aug 2nd)

Posted by Cyberthreat Blog | Aug 2, 2017 | SANS ISC Bulletins |

Last week I was lucky enough to attend SANSFIRE, which is one of the biggest SANS events (I attended the SEC660 course by Tim Medin and just as my personal opinion: this is probably the best course I have ever attended). I also...

CVE-2017-12140

Posted by Cyberthreat Blog | Aug 2, 2017 | CVE Notifications |

The ReadDCMImage function in codersdcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.

CVE-2017-12139

Posted by Cyberthreat Blog | Aug 2, 2017 | CVE Notifications |

XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.

CVE-2017-12142

Posted by Cyberthreat Blog | Aug 2, 2017 | CVE Notifications |

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

Author: Cyberthreat Blog

CVE-2017-11494

Attacking NoSQL applications (part 2), (Wed, Aug 2nd)

CVE-2017-12140

CVE-2017-12139

CVE-2017-12142