Monthly Archive: September 2018

An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. Date published : 2018-09-21 https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html

An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action. Date published : 2018-09-21 https://github.com/ucms/ucms/issues/1

FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php,...

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. Date published : 2018-09-21 https://github.com/espocrm/espocrm/issues/1039 https://github.com/security-breachlock/CVE-2018-17302/blob/master/XSS%20%28Stored%29%20in%20EspoCRM.pdf

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. Date published : 2018-09-21 https://github.com/espocrm/espocrm/issues/1038 https://github.com/security-breachlock/CVE-2018-17301/blob/master/Non-persistent%20XSS%20in%20EspoCRM.pdf

Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. Date published : 2018-09-21 https://github.com/CuppaCMS/CuppaCMS/issues/4 https://github.com/security-breachlock/CVE-2018-17300/blob/master/cuppa_xss.pdf

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password. Date published : 2018-09-21 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=4050b0aafd18346d9a6a06967bfb1170824dab17 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b87d3b807f39c00371ebaa50f938cb0110113538

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. Date published : 2018-09-21 https://github.com/looly/hutool/issues/162

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string’s length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input...

An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file’s main function,...

An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash...

A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in...

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. Date published : 2018-09-21 https://www.exploit-db.com/exploits/45448/ https://www.exploit-db.com/exploits/46795/

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++...