CVE-2018-11345
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the...
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. Date published : 2018-05-21 http://seclists.org/fulldisclosure/2018/May/2 https://github.com/mefulton/asustorexploit
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the ‘playlist’ POST parameter. Date published : 2018-05-21 http://seclists.org/fulldisclosure/2018/May/2 https://github.com/mefulton/asustorexploit
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. Date published :...
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter. Date published : 2018-05-21 http://seclists.org/fulldisclosure/2018/May/2 https://github.com/mefulton/asustorexploit
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file...
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. Date published : 2018-05-21 https://www.exploit-db.com/exploits/44691/ https://discuss.erpnext.com/t/stored-xss-in-erpnext-demo-website/36587
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads is missing some applicable ones such as .phtml and .htaccess. Date published...
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted. Date published : 2018-05-21 https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e https://github.com/pluck-cms/pluck/issues/58
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. Date published : 2018-05-21 https://github.com/OctopusDeploy/Issues/issues/4578
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target’s account information remotely. Date published : 2018-05-21 https://www.exploit-db.com/exploits/44628/
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action. Date published : 2018-05-21 https://community.mybb.com/mods.php?action=changelog&pid=1106...
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel’s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before...
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due...