An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router’s web server. While processing the ssid parameter...
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. Date published : 2018-09-01 https://github.com/idreamsoft/iCMS/issues/31
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account’s password. Date published : 2018-09-01 https://github.com/Vict00r/poc/issues/1
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. Date published : 2018-09-01 https://github.com/pandao/editor.md/issues/612
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. Date published : 2018-09-01 https://github.com/ImageMagick/ImageMagick/issues/1225
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. Date published : 2018-09-01 https://github.com/ImageMagick/ImageMagick/issues/1224
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. Date published : 2018-09-01 https://github.com/intelliants/subrion/issues/771
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. Date published : 2018-09-01 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. Date published : 2018-09-01 https://cxsecurity.com/issue/WLB-2018080098 https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process...
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. Date published : 2018-09-01 https://github.com/idreamsoft/iCMS/issues/41
A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. Date published : 2018-09-01 https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. Date published : 2018-09-01 https://github.com/caokang/waimai/issues/3
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this...