CVE-2018-11034
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from...
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data....
PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. Date published : 2018-05-13 https://github.com/gouguoyin/phprap/issues/89
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. Date published : 2018-05-13 https://github.com/gouguoyin/phprap/issues/89
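The /debug entry above is a textbook SSRF: a user-supplied api[url] is fetched server-side, and the file:// scheme turns it into local file read. The following is an added example, not PHPRAP's own code, showing the check a practitioner would put in front of such a fetch: parse the PHP-style bracketed form body, then refuse anything that is not http(s), carries credentials, or points at a literal loopback, private, link-local or otherwise non-global address. The sample POST bodies are constructed; the first has the exact shape of the advisory's PoC. Hostnames are deliberately not resolved here, so a real deployment must resolve and re-check the address it will actually connect to (DNS rebinding and odd IP spellings such as hex or decimal forms are handled at that step, not by this function).

```python
"""Added example (not PHPRAP's own code): reject SSRF-prone api[url] values
such as file:////etc/passwd before a server-side fetch is attempted."""
import ipaddress
from urllib.parse import parse_qsl, urlsplit

# Constructed request bodies; the first mirrors the advisory's PoC shape.
SAMPLE_BODIES = [
    "api[url]=file:////etc/passwd&api[method]=get",
    "api[url]=http://127.0.0.1:8080/admin&api[method]=get",
    "api[url]=http://169.254.169.254/latest/meta-data/&api[method]=get",
    "api[url]=https://api.example.com/v1/users&api[method]=post",
]

ALLOWED_SCHEMES = {"http", "https"}


def parse_php_form(body: str) -> dict:
    """Expand PHP-style keys such as api[url] into a nested dict (one level,
    which is all the /debug request uses)."""
    out: dict = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        if "[" in key and key.endswith("]"):
            outer, inner = key[:-1].split("[", 1)
            out.setdefault(outer, {})[inner] = value
        else:
            out[key] = value
    return out


def is_safe_fetch_url(url: str) -> tuple:
    """Return (ok, reason).

    Rejects non-http(s) schemes (file://, gopher://, ...), URLs without a host,
    URLs carrying credentials, and hosts that are literal IPs outside the
    globally routable space (loopback, RFC 1918, link-local, reserved).
    Assumption: hostnames are NOT resolved here; the caller must resolve the
    name, re-check the resolved address with the same rule, and connect to
    that pinned address so DNS rebinding cannot bypass the check.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %s" % (parts.scheme or "(none)")
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not a literal IP: a hostname. Block the obvious local names here;
        # everything else needs the resolve-and-recheck step described above.
        if host.lower() == "localhost" or host.lower().endswith(".localhost"):
            return False, "localhost"
        return True, "hostname (resolve and re-check before fetching)"
    if not addr.is_global:
        return False, "non-global address: %s" % addr
    return True, "public ip"


def check_debug_request(body: str) -> tuple:
    """Apply the URL check to a /debug-style POST body; (ok, reason)."""
    form = parse_php_form(body)
    api = form.get("api")
    if not isinstance(api, dict) or "url" not in api:
        return False, "no api[url]"
    return is_safe_fetch_url(api["url"])


if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(check_debug_request(body), "<-", body)
```

Run it and the file:// PoC, the loopback URL and the metadata-service address are all refused while the public https URL passes to the resolve-and-recheck stage. An allow-list of destination hosts is stricter still and is the right choice when the debug feature only needs to reach a known set of APIs.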
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. Date published : 2018-05-13 https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf
The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation...
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP...
The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract’s Ether. Date published : 2018-05-13 https://medium.com/@jonghyk.song/attackers-can-steal-all-of-ether-in-roc-rasputin-online-coin-token-smart-contract-ae928b4a935a
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles ‘target="_blank" rel="noopener"’ in A elements, which makes it easier for remote attackers to conduct redirection attacks. Date published : 2018-05-13 http://www.securityfocus.com/bid/104187 https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. Date published : 2018-05-12 https://github.com/ruibaby/halo/issues/9
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. Date published : 2018-05-12 https://github.com/ruibaby/halo/issues/9
An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add. Date published : 2018-05-12 https://github.com/TekerFue/SDcms-Code-Audit/blob/master/1.5%20csrf
An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. Date published : 2018-05-12 https://github.com/TekerFue/YXcms-Code-Audit/blob/master/1.4.7%20csrf
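The PbootCMS, SDcms and YXcms entries above are the same defect three times: an admin controller that adds or deletes administrator accounts will act on any request that carries the victim's session cookie, which the browser attaches to a form auto-submitted from an attacker's page. The guard below is an added example and is not the code of any of those projects. It shows the three checks such an endpoint needs before it changes state: the request must be a POST, its Origin (or, failing that, Referer) must match the site's own origin, and it must carry a token bound to the session that a cross-site page cannot read. SITE_ORIGIN, SERVER_KEY, the session id, the form field names and the request dicts are all constructed for the demonstration.

```python
"""Added example (not PbootCMS, SDcms or YXcms code): a request guard for
state-changing admin actions such as adding or deleting an administrator."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://admin.example.test"   # assumed deployment origin
SERVER_KEY = secrets.token_bytes(32)          # assumed per-deployment secret


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token derived from the session id. The attacker's page
    cannot read the victim's admin page, so it cannot learn or forge this."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _same_origin(header_value: str) -> bool:
    """Compare scheme, host and port of an Origin or Referer value with ours."""
    want = urlsplit(SITE_ORIGIN)
    got = urlsplit(header_value)
    return (got.scheme, got.hostname, got.port) == (want.scheme, want.hostname, want.port)


def guard_admin_action(request: dict, session_id: str) -> tuple:
    """request is a constructed dict: {'method', 'headers', 'form'}.
    Returns (allowed, reason). Meant for handlers that change state only."""
    if request["method"].upper() != "POST":
        return False, "state change must use POST, not %s" % request["method"]
    hdrs = {k.lower(): v for k, v in request["headers"].items()}
    src = hdrs.get("origin") or hdrs.get("referer")
    if not src or not _same_origin(src):
        return False, "cross-origin or missing Origin/Referer: %r" % (src,)
    token = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time compare on bytes; str compare_digest rejects non-ASCII.
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return False, "missing or invalid csrf token"
    return True, "ok"


def demo() -> list:
    """Three constructed requests against an 'add administrator' handler."""
    victim_session = "sess-1234"   # constructed session id

    # 1) Forged: attacker page auto-submits a form; the browser attaches the
    #    victim's cookie, but Origin is the attacker's and no token is present.
    forged = {
        "method": "POST",
        "headers": {"Origin": "https://evil.example", "Cookie": "PHPSESSID=sess-1234"},
        "form": {"username": "backdoor", "password": "Passw0rd!"},
    }
    # 2) Legitimate: submitted from the admin UI with the session-bound token.
    legit = {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN, "Cookie": "PHPSESSID=sess-1234"},
        "form": {"username": "ops", "password": "x",
                 "csrf_token": issue_csrf_token(victim_session)},
    }
    # 3) Forged without Origin/Referer (some clients strip them) and a guessed token.
    guessed = {
        "method": "POST",
        "headers": {"Cookie": "PHPSESSID=sess-1234"},
        "form": {"username": "backdoor", "csrf_token": "0" * 64},
    }
    return [guard_admin_action(r, victim_session) for r in (forged, legit, guessed)]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The Origin check alone is not sufficient (older clients and some privacy tools omit the header), and the token alone is not sufficient if the token is leaked via a GET URL or an XSS on the same origin, which is why the guard applies both. Rejecting non-POST requests matters as well: an action reachable through a plain link, as the YXcms deletion URL suggests, is forgeable with nothing more than an image tag.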
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. Date published : 2018-05-12 https://www.debian.org/security/2018/dsa-4238 https://security.gentoo.org/glsa/201811-14