CVE-2018-7475
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. Date published : 2018-06-30 CVE 2018-7475
An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact. Date...
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Type. Date published : 2018-06-30 https://github.com/gopro/gpmf-parser/issues/32
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. Date published : 2018-06-30 https://3xpl01tc0d3r.blogspot.com/2018/06/information-disclosure-internal-path.html
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases...
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche...
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. Date published : 2018-06-29 https://github.com/zhaoheng521/yxcms/blob/master/Any%20file%20deletion
Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. Date published : 2018-06-29 http://www.kingkk.com/2018/06/Metinfo-v6-0-0-getshell-in-background/
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. Date published : 2018-06-29 https://github.com/Neeke/HongCMS/issues/5
Storing password in recoverable format in safensec.com (SysWatch service) in SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows the local attacker to restore the SysWatch password from the settings database...
Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism...
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a...
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate. Date published : 2018-06-29 https://github.com/gopro/gpmf-parser/issues/31
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. Date published : 2018-06-29 https://github.com/wstmall/wstmall/issues/4