| CVE-2018-9996 |
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. |
-- |
2018-04-10 |
| CVE-2018-9995 |
TBK DVR4104 and DVR4216 devices allow remote attackers to bypass authentication via a Cookie: uid=admin header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. |
-- |
2018-04-10 |
| CVE-2018-9993 |
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). |
-- |
2018-04-10 |
| CVE-2018-9992 |
Frog CMS 0.9.5 has XSS via the name field of a new File or Directory on the admin/?/plugin/file_manager/browse/ screen. |
-- |
2018-04-11 |
| CVE-2018-9991 |
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. |
-- |
2018-04-11 |
| CVE-2018-9989 |
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. |
-- |
2018-04-10 |
| CVE-2018-9988 |
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. |
-- |
2018-04-10 |
| CVE-2018-9985 |
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. |
-- |
2018-04-10 |
| CVE-2018-9934 |
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. |
-- |
2018-04-10 |
| CVE-2018-9928 |
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. |
-- |
2018-04-10 |
| CVE-2018-9927 |
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. |
-- |
2018-04-10 |
| CVE-2018-9926 |
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. |
-- |
2018-04-10 |
| CVE-2018-9925 |
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. |
-- |
2018-04-10 |
| CVE-2018-9924 |
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. |
-- |
2018-04-10 |
| CVE-2018-9923 |
An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. |
-- |
2018-04-10 |
| CVE-2018-9922 |
An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. |
-- |
2018-04-10 |
| CVE-2018-9918 |
libqpdf.a in QPDF through 8.0.2 mishandles certain expected dictionary key but found non-name object cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes. |
-- |
2018-04-10 |
| CVE-2018-9864 |
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. |
-- |
2018-04-09 |
| CVE-2018-9862 |
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a docker exec command with that value in the -u argument, a similar issue to CVE-2016-3697. |
-- |
2018-04-09 |
| CVE-2018-9860 |
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs. |
-- |
2018-04-12 |
| CVE-2018-9857 |
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the View Search By Id screen). |
-- |
2018-04-09 |
| CVE-2018-9856 |
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. |
-- |
2018-04-09 |
| CVE-2018-9852 |
In Gxlcms QY v1.0.0713, LibLibActionHomeHitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23. |
-- |
2018-04-07 |
| CVE-2018-9851 |
In Gxlcms QY v1.0.0713, LibLibActionAdminTplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a .. sequence. |
-- |
2018-04-07 |
| CVE-2018-9850 |
In Gxlcms QY v1.0.0713, LibLibActionAdminDataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. |
-- |
2018-04-07 |
