Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27208 of 28220

CVE-2017-12067

Posted by Cyberthreat Blog | Aug 1, 2017 | CVE Notifications |

Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.

Rooting Out Hosts that Support Older Samba Versions, (Tue, Aug 1st)

Posted by Cyberthreat Blog | Jul 31, 2017 | SANS ISC Bulletins |

Ive had a number of people ask how they can find services on their network that still support SMBv1. In an AD Domain you can generally have good control of patching and the required registry keys to disable SMBv1. However, for...

CVE-2017-11727

Posted by Cyberthreat Blog | Jul 31, 2017 | CVE Notifications |

services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.

CVE-2017-11648

Posted by Cyberthreat Blog | Jul 31, 2017 | CVE Notifications |

Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.

CVE-2017-11726

Posted by Cyberthreat Blog | Jul 31, 2017 | CVE Notifications |

services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.

Author: Cyberthreat Blog

CVE-2017-12067

Rooting Out Hosts that Support Older Samba Versions, (Tue, Aug 1st)

CVE-2017-11727

CVE-2017-11648

CVE-2017-11726