CVE-2018-15852
** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described...
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. Date published : 2018-08-25 https://github.com/flexocms/flexo1.source/issues/25
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. Date published : 2018-08-25 https://github.com/redaxo/redaxo4/issues/420
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. Date published : 2018-08-25 https://github.com/Westbrookadmin/portfolioCMS/issues/1
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. Date published : 2018-08-25 https://github.com/Westbrookadmin/portfolioCMS/issues/1
An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field. Date published : 2018-08-25 https://github.com/choregus/puppyCMS/issues/12
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator’s password via index.php?p=done&savedata=1. Date published : 2018-08-25 https://github.com/mattiapazienti/fledrCMS/issues/2
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. Date published : 2018-08-25 https://www.exploit-db.com/exploits/45258/ https://github.com/gleez/cms/issues/800
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account’s password via /admin.php?s=/Admin/doedit. Date published : 2018-08-25 https://www.exploit-db.com/exploits/45314/ https://github.com/Vict00r/poc/issues/1
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. Date published : 2018-08-25 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1293
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. Date published : 2018-08-25 https://github.com/wolfcms/wolfcms/issues/679
The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication. Date published...
The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass...
The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication. Date published : 2018-08-24 https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf