Monthly Archive: April 2018

joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. Date published : 2018-04-11 https://github.com/joyplus/joyplus-cms/issues/422

The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. Date published : 2018-04-11 https://github.com/SukaraLin/Drops/blob/master/YZMCMSxss.md

ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be...

Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment). Date published : 2018-04-11 https://github.com/xwlrbh/Catfish/issues/1

** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance...

soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops. Date published :...

Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. Date published : 2018-04-11 https://bugzilla.nasm.us/show_bug.cgi?id=3392473 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11,...

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet...

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892. Date published...

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-1018,...

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11,...

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This...

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This...