ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. Date published : 2018-09-06 https://github.com/ImageMagick/ImageMagick/commit/256825d4eb33dc301496710d15cf5a7ae924088b https://github.com/ImageMagick/ImageMagick/issues/1206
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. Date published : 2018-09-06 https://github.com/ImageMagick/ImageMagick/commit/76efa969342568841ecf320b5a041685a6d24e0b https://github.com/ImageMagick/ImageMagick/issues/1201
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. Date published :...
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors’ personal information (Name, Email, Organization, and Position) by...
An issue was discovered in Nibbleblog v4.0.5. With an admin’s username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}")....
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication. Date published : 2018-09-06 https://cyberskr.com/blog/furuno-felcom.html https://gist.github.com/CyberSKR/34a8d6be7646a4bfd4df455f9f52500f
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase)....
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. Date published : 2018-09-06 https://www.exploit-db.com/exploits/46726/ http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html
An unescaped payload in exceljs
** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852...
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. Date published : 2018-09-06 https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html https://wpvulndb.com/vulnerabilities/9124
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. Date published : 2018-09-06 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. Date published : 2018-09-06 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. Date published : 2018-09-06 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877