Monthly Archive: August 2018

The editor in Xiuno BBS 4.0.4 allows stored XSS. Date published : 2018-08-19 https://bbs.xiuno.com/thread-148095.htm

fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field. Date published : 2018-08-19 http://seclists.org/fulldisclosure/2016/Aug/75

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http://...

An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An...

Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a...

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of...

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. Date published : 2018-08-17 https://hackerone.com/reports/341710

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. Date published : 2018-08-17 https://hackerone.com/reports/350418

A privilege escalation detected in flintcms versions

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a...

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since...

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. Date published : 2018-08-17...

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a ‘’ byte to trigger an out-of-bounds read that leads...

/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. Date published : 2018-08-17 http://seclists.org/fulldisclosure/2018/Aug/9 https://github.com/trippo/ResponsiveFilemanager/blob/master/changelog.txt