OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. Date published : 2018-09-04 https://github.com/liu21st/onethink/issues/37
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. Date published : 2018-09-04 https://github.com/chshcms/cscms/issues/1
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. Date published : 2018-09-04 https://github.com/philippe/FrogCMS/issues/12 https://github.com/security-breachlock/CVE-2018-16447/blob/master/frog_CSRF.pdf
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting...
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. Date published : 2018-09-04 https://github.com/MichaelWayneLIU/seacms/blob/master/seacms4.md
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. Date published : 2018-09-04 https://github.com/MichaelWayneLIU/seacms/blob/master/seacms3.md
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext...
In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero...
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. Date published : 2018-09-04 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930 https://review.gluster.org/#/c/glusterfs/+/21068/
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. Date published :...
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to...
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. Date...
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code...
It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of...