SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be...
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-samsung-syncthru-web-service-cc86467d2df
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces’ propertyPath parameters. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. Date published : 2018-08-03 https://medium.com/stolabs/security-issues-on-samsung-syncthru-web-service-cc86467d2df
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL...
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. Date published :...
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the...
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a...
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. Date published : 2018-08-03 https://www.exploit-db.com/exploits/45103/ http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html
The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block’s hash. Therefore, attackers can predict the random number and always win...
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges...
The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. Date published : 2018-08-03 http://seclists.org/fulldisclosure/2018/Jul/93 https://etherscan.io/address/0xF4134146AF2d511Dd5EA8cDB1C4AC88C57D60404#code