News aggregator

CVE-2018-16772

National Vulnerability Database - Mon, 09/10/2018 - 00:29
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
Categories: Security News

CVE-2018-16773

National Vulnerability Database - Mon, 09/10/2018 - 00:29
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.

CVE-2018-16774

National Vulnerability Database - Mon, 09/10/2018 - 00:29
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.

CVE-2018-16764

National Vulnerability Database - Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.

CVE-2018-16765

National Vulnerability Database - Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.

CVE-2018-16766

National Vulnerability Database - Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.

CVE-2018-16767

National Vulnerability Database - Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand.

CVE-2018-16759

National Vulnerability Database - Sun, 09/09/2018 - 17:29
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.

CVE-2018-16761

National Vulnerability Database - Sun, 09/09/2018 - 17:29
Eventum before 3.4.0 has an open redirect vulnerability.

CVE-2018-16762

National Vulnerability Database - Sun, 09/09/2018 - 17:29
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.

CVE-2018-16763

National Vulnerability Database - Sun, 09/09/2018 - 17:29
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.

CVE-2018-16749

National Vulnerability Database - Sun, 09/09/2018 - 11:29
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.

CVE-2018-16750

National Vulnerability Database - Sun, 09/09/2018 - 11:29
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.

CVE-2018-16736

National Vulnerability Database - Sun, 09/09/2018 - 08:29
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).

CVE-2018-16724

National Vulnerability Database - Sat, 09/08/2018 - 11:29
An issue was discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.

CVE-2018-16725

National Vulnerability Database - Sat, 09/08/2018 - 11:29
An issue was discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."

CVE-2018-16730

National Vulnerability Database - Sat, 09/08/2018 - 11:29
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.

CVE-2018-16731

National Vulnerability Database - Sat, 09/08/2018 - 11:29
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

CVE-2018-16732

National Vulnerability Database - Sat, 09/08/2018 - 11:29
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.

CVE-2018-16733

National Vulnerability Database - Sat, 09/08/2018 - 11:29
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
