CVE-2018-12994
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. Date published : 2018-06-29 https://github.com/rocktronica/OneFileCMS/issues/7
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. Date published : 2018-06-29 https://github.com/rocktronica/OneFileCMS/issues/6
An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface. Date published : 2018-06-29 https://github.com/lzlzh2016/MaeloStore/blob/master/ccXSS.md
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. Date published : 2018-06-29 https://github.com/GreenCMS/GreenCMS/issues/111
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. Date published : 2018-06-29 https://www.exploit-db.com/exploits/44954/
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. Date published : 2018-06-29 https://lists.fedoraproject.org/archives/list/[email protected]/message/LEJQUDZT4JRJSPZYY3UPSCTFPAC5TUHK/ https://lists.fedoraproject.org/archives/list/[email protected]/message/UMEMSUUXA3SL3AZAKKCTZFXVPHTBBK3O/
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. Date published : 2018-06-29 https://bugzilla.redhat.com/show_bug.cgi?id=1595689
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ‘json’ to the /q URI. Date published : 2018-06-29 https://github.com/OpenTSDB/opentsdb/issues/1240
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. Date published : 2018-06-29 https://github.com/OpenTSDB/opentsdb/issues/1239
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. Date published : 2018-06-29 https://github.com/teameasy/EasyCMS/issues/3
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG...
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited...
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive...
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running...