PaulWaite - Dark Reading

Hot Topics

Editors' Choice

3

More Than Half of Users Reuse Passwords

Curtis Franklin Jr., Senior Editor at Dark Reading, 5/24/2018

2

Is Threat Intelligence Garbage?

Chris McDaniels, Chief Information Security Officer of Mosaic451, 5/23/2018

1

Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime

Dark Reading Staff 5/22/2018

Webinars

Learn About Cyber Attackers & How They Target Your Organization

Strategy Session: Coping with the IT Security Skill Shortage

IoT: 6 Core Components | Use Cases| Security

Webinar Archives

White Papers

Typosquatting: More Than Just a Typo

Unstructured Data Risk Assessment

Prioritize Support Services to Provide Better End User Experience (IDC Report)

Phishing Response Trends: It's a Cluster

Virtual Support Agent Evaluation

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

[Strategic Security Report] Navigating the Threat Intelligence Maze

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Download Now!

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

The Dark Reading Security Spending Survey

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-11500
PUBLISHED: 2018-05-26

An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.

CVE-2018-11501
PUBLISHED: 2018-05-26

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2.

CVE-2018-11503
PUBLISHED: 2018-05-26

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

CVE-2018-11504
PUBLISHED: 2018-05-26

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

CVE-2018-11494
PUBLISHED: 2018-05-26

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containi...

Profile for PaulWaite