IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824. Date published : 2018-04-26 http://www.ibm.com/support/docview.wss?uid=swg22015797 https://www.exploit-db.com/exploits/45005/
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain...
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. Date published : 2018-04-26 https://github.com/imsebao/404team/blob/master/dlink/dlink_dir615_rce.md
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. Date published : 2018-04-26 https://github.com/chekun/DiliCMS/issues/57
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. Date published : 2018-04-26 https://github.com/CosmoCMS/Cosmo/issues/405
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered. Date published...
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field. Date published : 2018-04-26 https://github.com/bg5sbk/MiniCMS/issues/18
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article. Date published : 2018-04-26...
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field. Date published : 2018-04-26 https://github.com/Neeke/HongCMS/issues/2
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. Date published : 2018-04-26 https://security.gentoo.org/glsa/202003-36 https://gitlab.xiph.org/xiph/vorbis/issues/2334
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other...
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. Date published : 2018-04-26 https://github.com/wuzhicms/wuzhicms/issues/134
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray...
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. Date published : 2018-04-25 https://wordpress.org/plugins/wordpress-flash-uploader/changelog/ https://wordpress.org/support/topic/vulnerability-discovered-2/