Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser. Date published : 2018-05-25 https://github.com/monstra-cms/monstra/issues/443
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser. Date published : 2018-05-25 https://github.com/monstra-cms/monstra/issues/444
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). Date published : 2018-05-25 https://github.com/monstra-cms/monstra/issues/446 https://github.com/nikhil1232/Monstra-CMS-3.0.4-XSS-ON-Registration-Page
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). Date published : 2018-05-25 https://github.com/monstra-cms/monstra/issues/445 https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-
Cockpit 0.5.5 has XSS via a collection, form, or region. Date published : 2018-05-25 https://github.com/nikhil1232/Cockpit-CMS-XSS-POC
iScripts eSwap v2.4 has SQL injection via the "search.php" ‘Told’ parameter in the User Panel. Date published : 2018-05-25 https://github.com/hi-KK/CVE-Hunter/blob/master/3.md
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability...
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. Date published : 2018-05-25...
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. Date published : 2018-05-25 https://www.exploit-db.com/exploits/44763/ https://gist.github.com/NinjaXshell/a5fae5e2d1031ca59160fbe29d94279c
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. Date published : 2018-05-25 https://www.exploit-db.com/exploits/44765/ https://gist.github.com/NinjaXshell/4c0509096cb4ec6543b3f8050369920c
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. Date published : 2018-05-25 https://www.exploit-db.com/exploits/44764/ https://gist.github.com/NinjaXshell/be613dab99601f6abce884f6bc3d83a8
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. Date published : 2018-05-25 https://www.exploit-db.com/exploits/44763/ https://gist.github.com/NinjaXshell/a5fae5e2d1031ca59160fbe29d94279c
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. Date published : 2018-05-25 http://www.securityfocus.com/bid/104321 https://github.com/liblouis/liblouis/issues/575
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS...