An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing followed by tags. Date published : 2018-09-16 http://www.safecomp.com/blog/donlinkage.html
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer...
An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName. Date published : 2018-09-16 http://secwk.blogspot.com/2018/09/otcms-361-reflected-xss-shareswitchphp.html
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr. Date published : 2018-09-16 http://secwk.blogspot.com/2018/09/otcms-361-reflected-xss-usersphp.html
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in...
An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. Date published : 2018-09-16 https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. Date published : 2018-09-15 https://github.com/wacj1425/yiqicms/issues/1
GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file. Date published : 2018-09-15...
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit....
The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. Date published : 2018-09-15 https://hackerone.com/reports/22142 https://plugins.trac.wordpress.org/browser/wordpress-feed-statistics/trunk/feed-statistics.php?rev=960868
wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image. Date published : 2018-09-15 https://github.com/wernsey/bitmap/issues/1
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. Date published : 2018-09-15 https://github.com/tunnuz/json/issues/11
An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. Date published : 2018-09-15 https://github.com/unlcms/UNL-CMS/issues/941
An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. Date published : 2018-09-15 https://github.com/unlcms/UNL-CMS/issues/941