Security News

CVE-2018-19463

National Vulnerability Database - Thu, 11/22/2018 - 16:29
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI.
Categories: Security News

CVE-2018-19464

National Vulnerability Database - Thu, 11/22/2018 - 16:29
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle s statcode field from third-party stats code.
Categories: Security News

CVE-2018-19457

National Vulnerability Database - Thu, 11/22/2018 - 15:29
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
Categories: Security News

CVE-2018-19458

National Vulnerability Database - Thu, 11/22/2018 - 15:29
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
Categories: Security News

CVE-2018-19459

National Vulnerability Database - Thu, 11/22/2018 - 15:29
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
Categories: Security News

CVE-2018-19443

National Vulnerability Database - Thu, 11/22/2018 - 14:29
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.
Categories: Security News

CVE-2018-19433

National Vulnerability Database - Thu, 11/22/2018 - 00:29
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
Categories: Security News

CVE-2018-19434

National Vulnerability Database - Thu, 11/22/2018 - 00:29
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.
Categories: Security News

CVE-2018-19435

National Vulnerability Database - Thu, 11/22/2018 - 00:29
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.
Categories: Security News

CVE-2018-19436

National Vulnerability Database - Thu, 11/22/2018 - 00:29
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.
Categories: Security News

CVE-2018-19437

National Vulnerability Database - Thu, 11/22/2018 - 00:29
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.
Categories: Security News

CVE-2018-19432

National Vulnerability Database - Thu, 11/22/2018 - 00:29
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
Categories: Security News

Vuln: Libsndfile 'sndfile.c' Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/22/2018 - 00:00
Libsndfile 'sndfile.c' Denial of Service Vulnerability
Categories: Security News

CVE-2018-19420

National Vulnerability Database - Wed, 11/21/2018 - 16:29
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
Categories: Security News

CVE-2018-19421

National Vulnerability Database - Wed, 11/21/2018 - 16:29
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
Categories: Security News

CVE-2018-19422

National Vulnerability Database - Wed, 11/21/2018 - 16:29
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Categories: Security News

CVE-2018-19423

National Vulnerability Database - Wed, 11/21/2018 - 16:29
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
Categories: Security News

CVE-2018-19424

National Vulnerability Database - Wed, 11/21/2018 - 16:29
ClipperCMS 1.3.3 allows remote authenticated administrators to upload .htaccess files.
Categories: Security News

CVE-2018-19416

National Vulnerability Database - Wed, 11/21/2018 - 15:29
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.
Categories: Security News

CVE-2018-19417

National Vulnerability Database - Wed, 11/21/2018 - 15:29
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
Categories: Security News

Pages