News aggregator

CVE-2018-15853

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
Categories: Security News

CVE-2018-15854

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

CVE-2018-15855

National Vulnerability Database - Sat, 08/25/2018 - 17:29
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.

CVE-2018-15856

National Vulnerability Database - Sat, 08/25/2018 - 17:29
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.

CVE-2018-15857

National Vulnerability Database - Sat, 08/25/2018 - 17:29
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.

CVE-2018-15842

National Vulnerability Database - Sat, 08/25/2018 - 17:29
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.

CVE-2018-15843

National Vulnerability Database - Sat, 08/25/2018 - 17:29
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.

CVE-2018-15844

National Vulnerability Database - Sat, 08/25/2018 - 17:29
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.

CVE-2018-15845

National Vulnerability Database - Sat, 08/25/2018 - 17:29
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.

CVE-2018-15846

National Vulnerability Database - Sat, 08/25/2018 - 17:29
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1.

CVE-2018-15847

National Vulnerability Database - Sat, 08/25/2018 - 17:29
An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field.

CVE-2018-15848

National Vulnerability Database - Sat, 08/25/2018 - 17:29
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.

CVE-2018-15870

National Vulnerability Database - Sat, 08/25/2018 - 15:29
An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-15871

National Vulnerability Database - Sat, 08/25/2018 - 15:29
An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-15874

National Vulnerability Database - Sat, 08/25/2018 - 15:29
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.

CVE-2018-15875

National Vulnerability Database - Sat, 08/25/2018 - 15:29
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
