Crowd-sourcing Threat Intelligence & Response Guidance

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2018-15504
PUBLISHED: 2018-08-18

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.

CVE-2018-15505
PUBLISHED: 2018-08-18

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ‘]’ character in an IPv6 a…

CVE-2018-15492
PUBLISHED: 2018-08-18

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.

CVE-2018-15494
PUBLISHED: 2018-08-18

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

CVE-2018-15495
PUBLISHED: 2018-08-18

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.

Read More HERE

Leave a Reply