-
Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Unauthorised Access
F-Secure Radar Login Page Unvalidated Redirect Vulnerability
CVE-2018-6324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6324
# Summary
The application will upon successfully logging in redirect the user to a
user-controlled destination. A victim user may not recognise that a redirection
Local Privilege Escalation in CrashPlan’s Windows Client Version 4
Metadata
===
Release Date: 15-Feb-2018
Author: Florian Bogner // https://bogner.sh
Affected product: CrashPlan's 4-series and earlier Windows client
Fixed in: CrashPlan's version
On Fri, Feb 9, 2018 at 1:01 PM, Stefan Kanthak wrote:
> Hi @ll,
>
> since about two or three years now, Microsoft offers Skype as
> optional update on Windows/Microsoft Update.
>
> JFTR: for Microsoft's euphemistic use of "update" see
>
F-Secure Radar Persistent Cross-Site Scripting Vulnerability
CVE-2018-6189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189
# Summary
The application can suggest metadata tags for assets, and in doing so it can
execute JavaScript entered previously by a malicious user.
# Vendor
** Advisory Information
Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Vendor: Tenda
Date Published: 14/02/2018
CVE: CVE-2018-5767
** Vulnerability Summary
The vulnerability in question