Monthly Archive: October 2018

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL...

A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel Date...

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. Date published : 2018-10-29 https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) Date published : 2018-10-29 https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md

XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. Date published : 2018-10-29 https://github.com/m3lon/2018_Recorder/blob/master/SEMCMS%20DOM%20Based%20XSS.md

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. Date published : 2018-10-29 https://github.com/ky-j/dedecms/issues/10