CVE-2018-11546
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. Date published : 2018-05-29 https://github.com/mity/md4c/issues/38
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. Date published : 2018-05-29 https://github.com/mity/md4c/issues/39
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. Date published : 2018-05-29...
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. Date published : 2018-05-29 https://github.com/mity/md4c/issues/36
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. Date published : 2018-05-29 https://www.exploit-db.com/exploits/44793/ https://gist.github.com/NinjaXshell/f894bd79f9707a92a7b6934711a8fdc9
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. Date published : 2018-05-29 https://www.exploit-db.com/exploits/44795/ https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. Date published : 2018-05-29 https://github.com/Exiv2/exiv2/issues/283 https://www.debian.org/security/2018/dsa-4238
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. Date published : 2018-05-29 https://github.com/wuzhicms/wuzhicms/issues/138
An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator’s username and password via /admin.php/sys/editpass_save. Date published : 2018-05-29 https://github.com/fanyibo2009/cscms/blob/master/v4.1%20csrf
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. Date published : 2018-05-29 https://www.exploit-db.com/exploits/44794/ https://github.com/unh3x/just4cve/issues/1
A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. Date published : 2018-05-29...
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web...
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. Date published : 2018-05-29 http://www.securityfocus.com/archive/1/542040/100/0/threaded https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11027
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in...