Security News

CVE-2018-16450

National Vulnerability Database - Tue, 09/04/2018 - 00:29
CraftedWeb through 2013-09-24 has reflected XSS via the p parameter.
Categories: Security News

CVE-2018-16444

National Vulnerability Database - Tue, 09/04/2018 - 00:29
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
Categories: Security News

CVE-2018-16445

National Vulnerability Database - Tue, 09/04/2018 - 00:29
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.
Categories: Security News

CVE-2018-16446

National Vulnerability Database - Tue, 09/04/2018 - 00:29
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.
Categories: Security News

CVE-2018-16447

National Vulnerability Database - Tue, 09/04/2018 - 00:29
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
Categories: Security News

CVE-2018-16448

National Vulnerability Database - Tue, 09/04/2018 - 00:29
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
Categories: Security News

CVE-2018-16449

National Vulnerability Database - Tue, 09/04/2018 - 00:29
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html.
Categories: Security News

Vuln: Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 09/04/2018 - 00:00
Google Chrome Prior to 69.0.3497.81 Multiple Security Vulnerabilities
Categories: Security News

CVE-2018-16432

National Vulnerability Database - Mon, 09/03/2018 - 20:29
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login.
Categories: Security News

CVE-2018-16435

National Vulnerability Database - Mon, 09/03/2018 - 20:29
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Categories: Security News

CVE-2018-16438

National Vulnerability Database - Mon, 09/03/2018 - 20:29
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.
Categories: Security News

CVE-2018-16424

National Vulnerability Database - Mon, 09/03/2018 - 20:29
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-16425

National Vulnerability Database - Mon, 09/03/2018 - 20:29
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-16426

National Vulnerability Database - Mon, 09/03/2018 - 20:29
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
Categories: Security News

CVE-2018-16427

National Vulnerability Database - Mon, 09/03/2018 - 20:29
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
Categories: Security News

CVE-2018-16428

National Vulnerability Database - Mon, 09/03/2018 - 20:29
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
Categories: Security News

CVE-2018-16429

National Vulnerability Database - Mon, 09/03/2018 - 20:29
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
Categories: Security News

CVE-2018-16430

National Vulnerability Database - Mon, 09/03/2018 - 20:29
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
Categories: Security News

CVE-2018-16431

National Vulnerability Database - Mon, 09/03/2018 - 20:29
admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.
Categories: Security News

CVE-2018-16418

National Vulnerability Database - Mon, 09/03/2018 - 20:29
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

Pages