News aggregator

CVE-2018-15564

National Vulnerability Database - Sun, 08/19/2018 - 21:29
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.
Categories: Security News

CVE-2018-15565

National Vulnerability Database - Sun, 08/19/2018 - 21:29
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.
Categories: Security News

CVE-2018-15566

National Vulnerability Database - Sun, 08/19/2018 - 21:29
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter.
Categories: Security News

CVE-2018-15567

National Vulnerability Database - Sun, 08/19/2018 - 21:29
CMSUno before 1.5.3 has XSS via the title field.
Categories: Security News

CVE-2018-15568

National Vulnerability Database - Sun, 08/19/2018 - 21:29
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.
Categories: Security News

CVE-2018-15569

National Vulnerability Database - Sun, 08/19/2018 - 21:29
my little forum 2.4.12 allows CSRF for deletion of users.
Categories: Security News

CVE-2018-15553

National Vulnerability Database - Sun, 08/19/2018 - 20:29
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.
Categories: Security News

CVE-2018-15559

National Vulnerability Database - Sun, 08/19/2018 - 20:29
The editor in Xiuno BBS 4.0.4 allows stored XSS.
Categories: Security News

CVE-2018-15560

National Vulnerability Database - Sun, 08/19/2018 - 20:29
PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.
Categories: Security News

Pages