CVE-2018-16981
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. Date published : 2018-09-12 https://github.com/nothings/stb/issues/656
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. Date published : 2018-09-12 https://github.com/dotCMS/core/issues/15274
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943. Date published : 2018-09-12 https://github.com/howchen/howchen/issues/4
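The following is an added example, not code from Monstra CMS or the cryptographp plugin: it models a response header built from an untrusted request parameter, which is the pattern behind HTTP header injection, and the control-character check that closes it. The header name `X-Config` and the injected value are constructed for the example.

```python
"""Added example (not Monstra's code): header injection via an unchecked
request parameter, and the hardened builder that rejects it."""
import re

# Constructed attacker input: a CRLF ends the intended header and appends
# a second one of the attacker's choosing (here a Set-Cookie).
INJECTED = "default\r\nSet-Cookie: session=attacker"

# Any CR, LF or NUL in a header field lets the client see extra fields; a
# second CRLF pair would even end the header block (response splitting).
CTL = re.compile(r"[\r\n\x00]")


def is_safe_header_value(value: str) -> bool:
    """True when the value contains no line-ending or NUL characters."""
    return CTL.search(value) is None


def header_line_unchecked(name: str, value: str) -> str:
    """Vulnerable pattern: the parameter is copied into the header verbatim."""
    return f"{name}: {value}\r\n"


def header_line_checked(name: str, value: str) -> str:
    """Hardened: refuse control characters in both the name and the value."""
    if not (is_safe_header_value(name) and is_safe_header_value(value)):
        raise ValueError("control character in header field")
    return f"{name}: {value}\r\n"


def header_names(raw: str) -> list:
    """Split a raw header block the way a client would: one field per CRLF."""
    return [line.split(":", 1)[0] for line in raw.split("\r\n") if line]


if __name__ == "__main__":
    # The unchecked builder yields two header fields from one parameter.
    print(header_names(header_line_unchecked("X-Config", INJECTED)))
    try:
        header_line_checked("X-Config", INJECTED)
    except ValueError as e:
        print("rejected:", e)
```

Rejecting is preferable to stripping the control characters: a stripped value can still change meaning, and most HTTP server libraries already raise on CR/LF in header values, so a page that builds headers by string concatenation is the place to look.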
Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. Date published : 2018-09-12 https://github.com/howchen/howchen/issues/4
Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. Date published : 2018-09-12 https://github.com/howchen/howchen/issues/4
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration...
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in...
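As an added example that is not Elefant CMS code, the two name checks a file manager needs so that its delete endpoint cannot remove a server dotfile such as `.htaccess` and its upload endpoint cannot place a PHP-executable file in a served directory. The extension list and the path conventions are assumptions for the example; the exact filename suffix used in the advisory is not reproduced here.

```python
"""Added example (not Elefant's code): path and name checks for a file
manager's rm and upload handlers."""
import posixpath

# Extensions a typical Apache/PHP setup may hand to the PHP handler.
# Assumed list for the example; match it to the real server configuration.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml",
                   "phar", "phps", "pht", "inc"}


def normalize(rel_path: str) -> str:
    """Collapse the path under the manager's root and refuse any component
    that is a dotfile (.htaccess, .git, .user.ini) or a traversal."""
    collapsed = posixpath.normpath("/" + rel_path).lstrip("/")
    if not collapsed or any(p.startswith(".") for p in collapsed.split("/")):
        raise ValueError("dotfile or empty path: %r" % rel_path)
    return collapsed


def rm_allowed(rel_path: str) -> bool:
    """Delete handler check: only non-dotfile paths inside the root."""
    try:
        normalize(rel_path)
        return True
    except ValueError:
        return False


def is_executable_name(name: str) -> bool:
    """True if any extension segment is executable, so 'x.php.jpg' and
    'x.PhTml' are both caught (double extensions and case games)."""
    segments = name.lower().split(".")[1:]
    return any(seg in EXECUTABLE_EXTS for seg in segments)


def upload_allowed(rel_path: str) -> bool:
    """Upload handler check: a clean path whose basename is not executable."""
    try:
        clean = normalize(rel_path)
    except ValueError:
        return False
    return not is_executable_name(posixpath.basename(clean))


if __name__ == "__main__":
    for p in ("uploads/../.htaccess", "uploads/photo.jpg", "uploads/shell.php.jpg"):
        print(p, "rm:", rm_allowed(p), "upload:", upload_allowed(p))
```

Name checks are the second line of defence. The first is configuration that does not depend on a deletable file: keep the PHP handler disabled for the upload directory in the main server config (or serve uploads from a host that has no interpreter at all), so removing `.htaccess` changes nothing.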
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. Date published : 2018-09-12 https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter. Date published : 2018-09-12 https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/
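Both Wisetail entries above are the same defect on two endpoints: a lookup keyed on a client-supplied id with no check that the caller is entitled to that object. The following is an added example, not Wisetail code; the content table, purchase records and handler names are constructed for illustration. It shows the unchecked lookup, the shared entitlement check, and both endpoints using it.

```python
"""Added example (not Wisetail's code): an IDOR on a content view and a file
download, and the shared authorization check that fixes both."""

# Constructed data; field and function names are assumptions for the example.
CONTENT = {
    101: {"title": "Module 1 quiz", "file": "m1-quiz.pdf"},
    202: {"title": "Final exam", "file": "final.pdf"},
}
PURCHASED = {"alice": {101}, "bob": {101, 202}}


def is_entitled(user: str, content_id: int) -> bool:
    """The check every object-returning endpoint must make: knowing a valid id
    is not a grant; the caller must own (here: have purchased) the object."""
    return content_id in PURCHASED.get(user, set())


def view_content_unchecked(user: str, content_id: int) -> tuple:
    """Vulnerable pattern: the object's existence is the only thing checked,
    so any authenticated user can walk the id space."""
    item = CONTENT.get(content_id)
    return (200, item["title"]) if item else (404, None)


def view_content(user: str, content_id: int) -> tuple:
    """Hardened: same 404 for unknown ids and for ids the caller may not see,
    so the response does not confirm which ids exist."""
    item = CONTENT.get(content_id)
    if item is None or not is_entitled(user, content_id):
        return (404, None)
    return (200, item["title"])


def download_file(user: str, content_id: int) -> tuple:
    """Second endpoint reusing the same guard; a check added only to the
    view handler leaves the download path open."""
    item = CONTENT.get(content_id)
    if item is None or not is_entitled(user, content_id):
        return (404, None)
    return (200, item["file"])


if __name__ == "__main__":
    print("unchecked:", view_content_unchecked("alice", 202))
    print("checked:  ", view_content("alice", 202), download_file("alice", 202))
```

When testing for this class, take two accounts with different entitlements and replay every id-bearing request of one with the other's session; the fix is a check in the data-access layer, not a front-end that hides the links.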
Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges. Date published : 2018-09-12 http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2022
Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. Date published : 2018-09-12 https://github.com/pluck-cms/pluck/issues/63
feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. Date published : 2018-09-12 https://github.com/frozeman/feindura-flat-file-cms/issues/29
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. Date published : 2018-09-12 https://github.com/smiffy6969/razorCMS/issues/51