News aggregator

CVE-2018-16374

National Vulnerability Database - Sun, 09/02/2018 - 20:29
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.
Categories: Security News

CVE-2018-16366

National Vulnerability Database - Sun, 09/02/2018 - 18:29
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.

CVE-2018-16367

National Vulnerability Database - Sun, 09/02/2018 - 18:29
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.

CVE-2018-16352

National Vulnerability Database - Sun, 09/02/2018 - 18:29
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.

CVE-2018-16353

National Vulnerability Database - Sun, 09/02/2018 - 18:29
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter.

CVE-2018-16354

National Vulnerability Database - Sun, 09/02/2018 - 18:29
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter.

CVE-2018-16358

National Vulnerability Database - Sun, 09/02/2018 - 18:29
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.

CVE-2018-16359

National Vulnerability Database - Sun, 09/02/2018 - 18:29
Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS.

CVE-2018-16362

National Vulnerability Database - Sun, 09/02/2018 - 18:29
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php.

CVE-2018-16365

National Vulnerability Database - Sun, 09/02/2018 - 18:29
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.

CVE-2018-16345

National Vulnerability Database - Sun, 09/02/2018 - 14:29
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.

CVE-2018-16346

National Vulnerability Database - Sun, 09/02/2018 - 14:29
ChemCMS 1.0.6 has XSS via the "setting -> website information" field.

CVE-2018-16347

National Vulnerability Database - Sun, 09/02/2018 - 14:29
An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize.

CVE-2018-16348

National Vulnerability Database - Sun, 09/02/2018 - 14:29
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.

CVE-2018-16349

National Vulnerability Database - Sun, 09/02/2018 - 14:29
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.

CVE-2018-16350

National Vulnerability Database - Sun, 09/02/2018 - 14:29
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.

CVE-2018-16337

National Vulnerability Database - Sun, 09/02/2018 - 14:29
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save.

CVE-2018-16338

National Vulnerability Database - Sun, 09/02/2018 - 14:29
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.

CVE-2018-16339

National Vulnerability Database - Sun, 09/02/2018 - 14:29
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser.

CVE-2018-16342

National Vulnerability Database - Sun, 09/02/2018 - 14:29
ShowDoc v1.8.0 has XSS via a new page.
