Monthly Archive: March 2017

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th...

An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should...

Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers...

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning...

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header. Date published : 2017-03-26 http://www.securityfocus.com/bid/97088 https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466

Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted...

The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image....

Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. Date published : 2017-03-26 http://www.securityfocus.com/bid/97196 https://www.yiwang6.cn/Subrion-CSRF2.docx

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. Date published : 2017-03-26 http://www.securityfocus.com/bid/97091 https://www.yiwang6.cn/Subrion-CSRF1.docx

Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. Date published : 2017-03-26 http://www.securityfocus.com/bid/97101 https://www.yiwang6.cn/Symphony-XSS1.docx

Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. Date published : 2017-03-26 http://www.securityfocus.com/bid/97087 http://www.yiwang6.cn/Subrion-CSRF.docx

Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. Date published : 2017-03-26 http://www.securityfocus.com/bid/97093 https://www.yiwang6.cn/SubrionSQL.docx

dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. Date published : 2017-03-26 http://www.securityfocus.com/bid/97089 http://www.yiwang6.cn/dotcms.docx

Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. Date published : 2017-03-26 http://www.yiwang6.cn/Subrion.docx