Monthly Archive: September 2018

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function...

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the...

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed...

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ...

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. Date published : 2018-09-09 https://www.exploit-db.com/exploits/47138 http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html

FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. Date published : 2018-09-09 https://github.com/daylightstudio/FUEL-CMS/issues/478

Eventum before 3.4.0 has an open redirect vulnerability. Date published : 2018-09-09 https://github.com/eventum/eventum/releases/tag/v3.4.0

The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. Date published : 2018-09-09 https://github.com/teameasy/EasyCMS/issues/4

In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. Date published : 2018-09-09 http://www.securityfocus.com/bid/108492 https://github.com/ImageMagick/ImageMagick/issues/1118

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. Date published...

In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). Date published : 2018-09-09 https://www.exploit-db.com/exploits/45437/ https://github.com/eagle00789/RC_Filters/issues/19

In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. Date published : 2018-09-08 https://github.com/ethereum/go-ethereum/commit/106d196ec4a6451efedc60ab15957f231fa85639

uploadpluginssysadminSetting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. Date published : 2018-09-08 https://github.com/AvaterXXX/CScms/blob/master/CScms_csrf.md https://www.patec.cn/newsshow.php?cid=24&id=123

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. Date published :...