ATTENTION‼ New - CVE-2018-17421
via "National Vulnerability Database".
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
ATTENTION‼ New - CVE-2018-17420
via "National Vulnerability Database".
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.
ATTENTION‼ New - CVE-2018-17419
via "National Vulnerability Database".
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.
ATTENTION‼ New - CVE-2018-17418
via "National Vulnerability Database".
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.
ATTENTION‼ New - CVE-2018-17416
via "National Vulnerability Database".
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.
ATTENTION‼ New - CVE-2018-17415
via "National Vulnerability Database".
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.
ATTENTION‼ New - CVE-2018-17414
via "National Vulnerability Database".
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.
ATTENTION‼ New - CVE-2018-17413
via "National Vulnerability Database".
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.
ATTENTION‼ New - CVE-2018-17412
via "National Vulnerability Database".
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.
ATTENTION‼ New - CVE-2018-16809
via "National Vulnerability Database".
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
ATTENTION‼ New - CVE-2018-16808
via "National Vulnerability Database".
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
ATTENTION‼ New - CVE-2018-16804
via "National Vulnerability Database".
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
ATTENTION‼ New - CVE-2018-14499
via "National Vulnerability Database".
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html.
ATTENTION‼ New - CVE-2018-14498
via "National Vulnerability Database".
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
ATTENTION‼ New - CVE-2018-14038
via "National Vulnerability Database".
The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy.
ATTENTION‼ New - CVE-2017-12447
via "National Vulnerability Database".
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
ATTENTION‼ New - CVE-2013-7468
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
ATTENTION‼ New - CVE-2013-7467
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
ATTENTION‼ New - CVE-2013-7466
via "National Vulnerability Database".
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
For sale: Gray-market iPhones that yield secrets to encryption
via "Naked Security".
The prototype iPhones are slipping out of Apple's supply chain with disabled security, to the delight of researchers and jailbreakers.
Naked Security
Developer-only iPhones help reveal Apple's secret security sauce