Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27395 of 28407

CVE-2017-12066

Posted by Cyberthreat Blog | Aug 1, 2017 | CVE Notifications |

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the...

CVE-2017-12067

Posted by Cyberthreat Blog | Aug 1, 2017 | CVE Notifications |

Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.

Rooting Out Hosts that Support Older Samba Versions, (Tue, Aug 1st)

Posted by Cyberthreat Blog | Jul 31, 2017 | SANS ISC Bulletins |

Ive had a number of people ask how they can find services on their network that still support SMBv1. In an AD Domain you can generally have good control of patching and the required registry keys to disable SMBv1. However, for...

CVE-2017-11727

Posted by Cyberthreat Blog | Jul 31, 2017 | CVE Notifications |

services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.

CVE-2017-11648

Posted by Cyberthreat Blog | Jul 31, 2017 | CVE Notifications |

Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.

Author: Cyberthreat Blog

CVE-2017-12066

CVE-2017-12067

Rooting Out Hosts that Support Older Samba Versions, (Tue, Aug 1st)

CVE-2017-11727

CVE-2017-11648