ATENTION‼ New - CVE-2018-17422
📖 Read
via "National Vulnerability Database".
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17421
📖 Read
via "National Vulnerability Database".
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17420
📖 Read
via "National Vulnerability Database".
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17419
📖 Read
via "National Vulnerability Database".
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17418
📖 Read
via "National Vulnerability Database".
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17416
📖 Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17415
📖 Read
via "National Vulnerability Database".
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17414
📖 Read
via "National Vulnerability Database".
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17413
📖 Read
via "National Vulnerability Database".
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17412
📖 Read
via "National Vulnerability Database".
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-16809
📖 Read
via "National Vulnerability Database".
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-16808
📖 Read
via "National Vulnerability Database".
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-16804
📖 Read
via "National Vulnerability Database".
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-14499
📖 Read
via "National Vulnerability Database".
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-14498
📖 Read
via "National Vulnerability Database".
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-14038
📖 Read
via "National Vulnerability Database".
The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-14038
📖 Read
via "National Vulnerability Database".
The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-12447
📖 Read
via "National Vulnerability Database".
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2013-7468
📖 Read
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2013-7467
📖 Read
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2013-7466
📖 Read
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.📖 Read
via "National Vulnerability Database".