Monthly Archive: August 2018

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in...

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the...

A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session...

PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. Date published : 2018-08-10 https://gkaim.com/cve-2018-15191-vikas-chaudhary/

PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. Date published : 2018-08-10 https://gkaim.com/cve-2018-15190-vikas-chaudhary/

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. Date published : 2018-08-10 https://gkaim.com/cve-2018-15189-vikas-chaudhary/

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. Date published : 2018-08-10 https://gkaim.com/cve-2018-15188-vikas-chaudhary/

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. Date published : 2018-08-10 https://gkaim.com/cve-2018-15187-vikas-chaudhary/

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. Date published : 2018-08-10 https://gkaim.com/cve-2018-15186-vikas-chaudhary/

PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field....

Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. Date published : 2018-08-10 https://github.com/wolfcms/wolfcms/issues/673

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. Date published : 2018-08-10 http://www.securityfocus.com/bid/105053 https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device....

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. Date published :...