CVE-2017-17942
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. Date published : 2017-12-28 http://www.securityfocus.com/bid/102312 http://bugzilla.maptools.org/show_bug.cgi?id=2767
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md
PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Vanguard.md
Vanguard Marketplace Digital Products PHP has CSRF via /search. Date published : 2017-12-28 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Vanguard.md
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long...
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION...
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. Date published : 2017-12-28 https://www.synology.com/en-global/support/security/Synology_SA_17_78
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. Date published : 2017-12-28 https://www.exploit-db.com/exploits/43403/
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses...
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to...
Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload...