Monthly Archive: April 2018

PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). Date published : 2018-04-09 https://www.exploit-db.com/exploits/44486/ https://pastebin.com/Y9uEC4nu

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. Date published : 2018-04-09 https://github.com/Kotti/Kotti/issues/551

Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE’s code stripping alone...

A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. Date published : 2018-04-09 http://www.securityfocus.com/bid/103724 https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr’s DataImportHandler. It can be used as XXE using...

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially...

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Date published : 2018-04-09 http://buffalo.jp/support_s/s20180328.html http://jvn.jp/en/jp/JVN93397125/index.html

Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. Date published : 2018-04-09 http://buffalo.jp/support_s/s20180328.html http://jvn.jp/en/jp/JVN93397125/index.html

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. Date published : 2018-04-09 http://buffalo.jp/support_s/s20180328.html http://jvn.jp/en/jp/JVN93397125/index.html

The iRemoconWiFi App for Android version 4.1.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published...

LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Date published : 2018-04-09 http://lxr.sourceforge.net/en/bugsandlimits.php http://jvn.jp/en/jp/JVN72589538/index.html

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage...

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS[‘TYPO3_CONF_VARS’][‘SYS’][‘sitename’], as demonstrated by an admin entering a crafted site name during the installation process. Date published : 2018-04-08 https://forge.typo3.org/issues/84191 https://github.com/pradeepjairamani/TYPO3-XSS-POC

In Gxlcms QY v1.0.0713, LibLibActionHomeHitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23. Date published :...