CVE-2018-10117
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. Date published : 2018-04-15 https://github.com/idreamsoft/iCMS/issues/20
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed...
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. Date published : 2018-04-14 https://github.com/xiaoqx/pocs/tree/master/gegl
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed...
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. Date published : 2018-04-14 https://github.com/xiaoqx/pocs/tree/master/gegl
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. Date...
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. Date published : 2018-04-14 http://www.securityfocus.com/bid/103775 https://codex.wordpress.org/Version_4.9.5
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. Date published : 2018-04-14 http://www.securityfocus.com/bid/104350 https://codex.wordpress.org/Version_4.9.5
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. Date published : 2018-04-14 https://codex.wordpress.org/Version_4.9.5 https://core.trac.wordpress.org/changeset/42892
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. Date published : 2018-04-13 http://www.securityfocus.com/bid/65740 http://seclists.org/fulldisclosure/2014/Feb/219
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. Date published : 2018-04-13 http://www.securityfocus.com/bid/66141 http://seclists.org/fulldisclosure/2014/Mar/102
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla’s CVE-2014-1572), which can be abused to lead to commit metadata forgery. Date published : 2018-04-13 https://ikiwiki.info/security/#cve-2016-9646 https://security-tracker.debian.org/tracker/CVE-2016-9646
In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses. Date published : 2018-04-13 https://support.f5.com/csp/article/K19361245
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase...