CVE-2018-12339
ArticleCMS through 2017-02-19 has XSS via an "add an article" action. Date published : 2018-06-13 https://github.com/woider/ArticleCMS/issues/4
An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the...
There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file. Date published : 2018-06-13 https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017 https://github.com/radare/radare2/issues/10294
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file. Date published : 2018-06-13 https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d https://github.com/radare/radare2/issues/10296
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. Date published : 2018-06-13 https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548 https://github.com/radare/radare2/issues/10293
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3. Date published : 2018-06-13 https://www.palemoon.org/releasenotes.shtml https://www.exploit-db.com/exploits/44900/
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. Date published : 2018-06-13 https://github.com/matrix-org/synapse/pull/3371 https://github.com/matrix-org/synapse/releases/tag/v0.31.1
The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. Date published : 2018-06-13 http://www.iwantacve.cn/index.php/archives/40/
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. Date published : 2018-06-13 https://github.com/XIMDEX/ximdex/issues/149
xowl/request.php in Ximdex 4.0 has XSS via the content parameter. Date published : 2018-06-13 https://github.com/XIMDEX/ximdex/issues/148
** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true"...
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. Date published : 2018-06-13 http://b3n7s.github.io/acccheck-command-injection.html
systemerrors404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. Date published : 2018-06-13 https://github.com/lzlzh2016/CVE/blob/master/XSS.md
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. Date published : 2018-06-13 https://github.com/Exiv2/exiv2/issues/365 https://github.com/TeamSeri0us/pocs/blob/master/exiv2/1-out-of-read-Poc