Description: Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users...
Read More
Description: RoundCube Webmail is prone to multiple privilege escalation vulnerabilities. RoundCube Webmail versions prior to 1.0.11, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5 are vulnerable. Impact: An attackers may exploit these issues to gain elevated privileges. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://www.securityfocus.com/bid/98445/info https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11
Description: The WP Statistics plugin for WordPress is prone to an unspecified cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Impact: An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior...
Read More
Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an...
Read More
Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Impact: A server that relies solely on TSIG keys with no other address-based ACL protection could be vulnerable to malicious...
Read More
Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of...
Read More
Description: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281. Impact: An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely...
Read More