MCO Security CERT Global
- CVE-2018-18777Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass ... read more
- CVE-2018-18777Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass ... read more
- CVE-2018-18775Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp ... read more
- CVE-2018-18775Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp ... read more
- CVE-2018-6908Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing ... read more
- CVE-2018-6908Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing ... read more
- CVE-2018-6909Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be ... read more
- CVE-2018-6909Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be ... read more
- CVE-2018-6907Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web ... read more
- CVE-2018-6907Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web ... read more
- CVE-2018-18714Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL ... read more
- CVE-2018-18714Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL ... read more
- CVE-2018-18776Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ... read more
- CVE-2018-18776Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ... read more
- CVE-2018-10586Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. ... read more
- CVE-2018-10586Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. ... read more
- CVE-2018-18695Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file. ... read more
- CVE-2018-18695Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file. ... read more
- CVE-2018-10587Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote ... read more
- CVE-2018-10587Gravedad: NonePublicado: 01/11/2018Last revised: 01/11/2018Descripción: *** Pendiente de traducción *** NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote ... read more
- Cisco Releases Security AdvisoryOriginal release date: November 01, 2018Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker ... read more
- CVE-2018-18695M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file. ... read more
- CVE-2018-18776Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product. ... read more
- CVE-2018-6909A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by ... read more
- CVE-2018-10586NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. ... read more
- CVE-2018-10587NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code ... read more
- CVE-2018-6908An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device ... read more
- CVE-2018-18777Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a ... read more
- CVE-2018-18775Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product. ... read more
- CVE-2018-6906A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the ... read more
- CVE-2018-6011The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can ... read more
- CVE-2018-18714RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or ... read more
- CVE-2018-6012The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. ... read more
- CVE-2018-6907A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via ... read more
- CVE-2018-18883Gravedad: NonePublicado: 31/10/2018Last revised: 31/10/2018Descripción: *** Pendiente de traducción *** An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to ... read more
- CVE-2018-18892Gravedad: NonePublicado: 31/10/2018Last revised: 31/10/2018Descripción: *** Pendiente de traducción *** MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. ... read more
- CVE-2018-18890Gravedad: NonePublicado: 31/10/2018Last revised: 31/10/2018Descripción: *** Pendiente de traducción *** MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. ... read more
- CVE-2018-18887Gravedad: NonePublicado: 31/10/2018Last revised: 31/10/2018Descripción: *** Pendiente de traducción *** S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). ... read more
- CVE-2018-18888Gravedad: NonePublicado: 31/10/2018Last revised: 31/10/2018Descripción: *** Pendiente de traducción *** An issue was discovered in laravelCMS through 2018-04-02. appHttpControllersBackendProfileController.php allows upload of arbitrary PHP files because the file extension is ... read more
- CVE-2018-18891Gravedad: NonePublicado: 31/10/2018Last revised: 31/10/2018Descripción: *** Pendiente de traducción *** MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. ... read more
- Cyber warrant officer leads West Point research program for protecting critical U.S. infrastructureA major project to explore employment of the total Army force to defend the nation's critical infrastructure from cyber attack developed by the Army Cyber Institute (ACI) at the U.S. ... read more
- Fr. Sauter AG CASE SuiteThis advisory includes mitigations for an improper restriction of XML External Entity Reference vulnerability in Fr. Sauter AG's CASE Suite software. ... read more
- Circontrol CirCarLifeThis advisory includes mitigations for authentication bypass using an alternate path or channel and insufficiently protected credentials vulnerabilities in Circontrol’s CirCarLife, an electric vehicle charging station. ... read more
- AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition)This advisory includes mitigations for stack-based buffer overflow and empty password in configuration file vulnerabilities in AVEVA’s InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) products. ... read more
- Schneider Electric Software Update (SESU)This advisory includes mitigations for a DLL hijacking vulnerability in the Schneider Electric Software Update (SESU). ... read more
- VU#317277: Texas Instrument Microcontrollers CC2640 and CC2650 are vulnerable to variable and heap overflow.Vulnerability Note VU#317277 Texas Instrument Microcontrollers CC2640 and CC2650 are vulnerable to variable and heap overflow. Original Release date: 01 Nov 2018 | Last revised: 01 Nov 2018 Overview Texas ... read more
- ST18-006: Website SecurityOriginal release date: November 01, 2018 What is website security?Website security refers to the protection of personal and organizational public-facing websites from cyberattacks.Why should I care about website security?Cyberattacks against ... read more
- CVE-2018-14660A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple ... read more
- CVE-2018-3977An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker ... read more
- CVE-2018-3910An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code ... read more
Title | Category | Tag |
Accelerating Action CDP Global Water Report 2015 – Project Financing |
InfrastructureProjectFinanceWater | governments infrastructure water |
Africa – The State of African Utilities Performance Assessment and Benchmarking Report – Water |
SmartCitiesStandardsPracticesWater | africa infrastructure water |