CVE-2018-16349
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. Date published : 2018-09-02 https://github.com/wuzhicms/wuzhicms/issues/147
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. Date published : 2018-09-02 https://github.com/Jas0nwhy/vulnerability/blob/master/Seacmsxss.md
An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. Date published : 2018-09-02 https://github.com/gleez/cms/issues/798
ChemCMS 1.0.6 has XSS via the "setting -> website information" field. Date published : 2018-09-02 https://github.com/chemcms/ChemCMS/issues/2
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. Date published : 2018-09-02 https://github.com/teameasy/EasyCMS/issues/5
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. Date...
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. Date published : 2018-09-02 http://zhinianyuxin.postach.io/post/seacms-v6-61-latest-version-backend-rce https://github.com/cumtxujiabin/CmsPoc/blob/master/Seacms_v6.61_backend_RCE.md
ShowDoc v1.8.0 has XSS via a new page. Date published : 2018-09-02 https://github.com/star7th/showdoc/issues/325
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. Date published : 2018-09-02 https://github.com/sbmzhcn/EmpireCMS/issues/1
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator’s password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. Date published :...
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website’s basic configuration via upload/admin.php/setting/save. Date published : 2018-09-02 https://github.com/chshcms/cscms/issues/2
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. Date published : 2018-09-01 https://github.com/Exiv2/exiv2/issues/400 https://lists.debian.org/debian-lts-announce/2018/10/msg00012.html
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF...
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. Date published : 2018-09-01...