CVE-2018-1422
IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...
The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land,...
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. Date published: 2018-08-05 https://github.com/alterebro/WeaselCMS/issues/6
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. Date published: 2018-08-05 https://github.com/alterebro/WeaselCMS/issues/6
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). Date published: 2018-08-05 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. Date published: 2018-08-05 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "
An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). Date published: 2018-08-05 https://github.com/dilawar/sound/issues/4 https://github.com/fouzhe/security/tree/master/sound#alloc-dealloc-mismatch-in-function-openwavfile
An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). Date published: 2018-08-05 https://github.com/flexpaper/pdf2json/issues/20 https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-csstyle
An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). Date published: 2018-08-05 https://github.com/flexpaper/pdf2json/issues/19 https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-htmlstring
An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. Date published: 2018-08-05 https://github.com/fouzhe/security/tree/master/jpeg_encoder#heap-buffer-overflow-in-function-readfrombmp https://github.com/thejinchao/jpeg_encoder/issues/6