CVE-2018-1146
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root...
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. Date published : 2018-04-19 https://www.tenable.com/security/research/tra-2018-08
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. Date published : 2018-04-19 https://www.tenable.com/security/research/tra-2018-08
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. Date published : 2018-04-19 https://www.tenable.com/security/research/tra-2018-08
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diydayruicontrollersadminSyscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the...
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diymodulemembercontrollersadminSetting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diymodulemembermodelsMember_model.php and write this code into the api/ucsso/config.php file....
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. Date published : 2018-04-19 https://www.zend.com/en/products/server/release-notes https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf
MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. Date published : 2018-04-19 https://github.com/bg5sbk/MiniCMS/issues/15
thinkphp 3.1.3 has SQL Injection via the index.php s parameter. Date published : 2018-04-19 http://www.blcat.cn/post-39.html
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html. Date published : 2018-04-19 http://www.8sec.cc/archives/601 https://github.com/yzmcms/yzmcms/issues/2
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. Date published : 2018-04-19 http://www.8sec.cc/archives/596 https://github.com/yzmcms/yzmcms/issues/1
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. Date published : 2018-04-19 https://github.com/idreamsoft/iCMS/issues/21
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege...
** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports...