Monthly Archive: July 2018

An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request....

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users’ icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written...

The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. Date published : 2018-07-02 http://www.securityfocus.com/bid/104671 https://bugzilla.kernel.org/show_bug.cgi?id=200303

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. Date published : 2018-07-02 https://www.manageengine.com/products/applications_manager/issues.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-13050.html

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. Date published : 2018-07-02 https://github.com/glpi-project/glpi/issues/4270

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry...

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one...

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution....

An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at...

The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. Date published : 2018-07-02 https://software-talk.org/blog/2018/06/tplink-wr841n-code-exec-cve-2018-12577/

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. Date published : 2018-07-02 https://software-talk.org/blog/2018/04/tplink-wr841n-clickjacking-https/

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. Date published : 2018-07-02 https://software-talk.org/blog/2018/06/tplink-wr841n-broken-auth-cve-2018-12575/

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. Date published : 2018-07-02 https://software-talk.org/blog/2018/06/tplink-wr841n-csrf-cve-2018-12574/

An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. Date published : 2018-07-02 https://www.exploit-db.com/exploits/44939/ http://securitywarrior9.blogspot.com/2018/06/cross-site-request-forgery-intex-router.html