Monthly Archive: June 2018

IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211....

IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a...

spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. Date published : 2018-06-15 https://github.com/idreamsoft/iCMS/issues/26

The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Date published : 2018-06-15 https://www.debian.org/security/2018/dsa-4293 https://github.com/Orc/discount/issues/189#issuecomment-397541501

An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. Date published : 2018-06-15 https://github.com/sanluan/PublicCMS/issues/12

An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. Date published : 2018-06-15 https://github.com/sanluan/PublicCMS/issues/12

PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. Date published : 2018-06-15 https://github.com/SukaraLin/php_code_audit_project/blob/master/phpok/Phpok%204.9.032%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. Date published : 2018-06-15...

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. Date published : 2018-06-15...

libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c...

An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. Date published...

An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service....

expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. Date published : 2018-06-15 https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b https://hackerone.com/reports/343626

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. Date published : 2018-06-15...