CVE-2018-17134
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. Date published : 2018-09-17 https://github.com/panghusec/exploit/issues/7
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. Date published : 2018-09-17 https://github.com/panghusec/exploit/issues/6
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. Date published : 2018-09-17 https://github.com/panghusec/exploit/issues/4
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. Date published : 2018-09-17 https://github.com/panghusec/exploit/issues/5
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header. Date published : 2018-09-17 https://github.com/panghusec/exploit/issues/3
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field. Date published : 2018-09-17 https://github.com/panghusec/exploit/issues/2
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. Date published : 2018-09-17 https://www.exploit-db.com/exploits/45449/ MyBB 1.8.19 Released — Security & Maintenance Release
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. Date published : 2018-09-17...
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. Date published : 2018-09-17 https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md#cscms_getshell https://www.patec.cn/newsshow.php?cid=24&id=125
CScms 4.1 allows arbitrary directory deletion via a dir=..\ substring to plugins\sys\admin\Plugins.php. Date published : 2018-09-17 https://github.com/AvaterXXX/CScms/blob/master/CScms_dirdel.md https://www.patec.cn/newsshow.php?cid=24&id=125
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. Date published : 2018-09-17 https://github.com/teameasy/EasyCMS/issues/7
Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. Date published : 2018-09-17 https://www.exploit-db.com/exploits/45328/
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all...