CVE-2018-16418
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or...
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator’s password. Date published : 2018-09-03 http://www.iwantacve.cn/index.php/archives/48/ https://github.com/daylightstudio/FUEL-CMS/issues/481
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. Date published : 2018-09-03 http://www.securityfocus.com/bid/105241 https://www.debian.org/security/2018/dsa-4316
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. Date published : 2018-09-03 http://www.securityfocus.com/bid/105241 https://www.debian.org/security/2018/dsa-4316
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. Date published : 2018-09-03 https://hackerone.com/reports/353784 https://open.vanillaforums.com/discussion/36559
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. Date published : 2018-09-03 https://github.com/gogs/gogs/issues/5372
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. Date published : 2018-09-03 https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link%20DIR-846%20RCE.md
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. Date published : 2018-09-03 https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst https://gitlab.com/mayan-edms/mayan-edms/commit/076468a9225e4630a463c0bbceb8e5b805fe380c
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. Date published : 2018-09-03 https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst https://gitlab.com/mayan-edms/mayan-edms/commit/48dfc06e49c7f773749e063f8cc69c95509d1c32
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. Date published : 2018-09-03 https://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst https://gitlab.com/mayan-edms/mayan-edms/commit/9ebe80595afe4fdd1e2c74358d6a9421f4ce130e
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. Date published : 2018-09-03...
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. Date published : 2018-09-03...
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed. Date published : 2018-09-03 https://github.com/twistlock/authz/issues/50...
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file. Date published : 2018-09-03 https://github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51