Monthly Archive: May 2018

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding...

The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. Date published : 2018-05-26 https://www.exploit-db.com/exploits/44776/ https://pastebin.com/NtPn3jB8

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. Date published : 2018-05-26...

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. Date published : 2018-05-26...

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. Date published : 2018-05-26 https://gkaim.com/cve-2018-11501-vikas-chaudhary/ https://whitehatck01.blogspot.com/2018/02/website-seller-script-203-stored-xss.html

An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. Date published : 2018-05-26 https://github.com/sanluan/PublicCMS/issues/11

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. Date published...

In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability...

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. Date published : 2018-05-26 https://github.com/ckolivas/lrzip/issues/96 https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in adminmodelcatalogdownload.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. Date published : 2018-05-26 http://www.bigdiao.cc/2018/05/24/Opencart-v3-0-2-0/

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the...

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. Date published : 2018-05-26 https://github.com/wuzhicms/wuzhicms/issues/137

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode – 2" array index is not checked....

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will...