CVE-2018-17046
translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. Date published : 2018-09-14 https://github.com/magic-FE/translate-man/issues/49
An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. Date published : 2018-09-14 https://github.com/maelosoki/MaeloStore/issues/1
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. Date published : 2018-09-14 https://github.com/yzmcms/yzmcms/issues/3
An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp. Date published : 2018-09-14 https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit https://github.com/tsfn/doc2txt/issues/1
An issue has been found in dbf2txt through 2012-07-19. It is an infinite loop. Date published : 2018-09-14 https://github.com/bcsanches/dbf2txt/issues/2 https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop
MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. Date published : 2018-09-14 https://github.com/bg5sbk/MiniCMS/issues/24
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. Date published : 2018-09-14 https://github.com/blackstar24/UCMS/blob/master/level.md
An issue was discovered in UCMS 1.4.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. Date published : 2018-09-14 https://github.com/blackstar24/UCMS/blob/master/phpinfo.md
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. Date published : 2018-09-14 https://github.com/blackstar24/UCMS/blob/master/README.md
UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. Date published : 2018-09-14 https://github.com/blackstar24/UCMS/blob/master/xss.md
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. Date published : 2018-09-14 http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. Date published : 2018-09-14 https://www.exploit-db.com/exploits/45440/ http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Date published : 2018-09-14 http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. Date published : 2018-09-14 http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html