CVE-2018-19759
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. Date published : 2018-11-29 https://bugzilla.redhat.com/show_bug.cgi?id=1649202
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. Date published : 2018-11-29 https://bugzilla.redhat.com/show_bug.cgi?id=1643812 https://lists.debian.org/debian-lts-announce/2019/01/msg00008.html
There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. Date published : 2018-11-29 https://bugzilla.redhat.com/show_bug.cgi?id=1649197
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. Date published : 2018-11-29 https://bugzilla.redhat.com/show_bug.cgi?id=1649198
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative...
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. Date published : 2018-11-29 https://www.exploit-db.com/exploits/45949/ https://github.com/domainmod/domainmod/issues/84
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. Date published : 2018-11-29 https://www.exploit-db.com/exploits/45947/ https://github.com/domainmod/domainmod/issues/83
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. Date published : 2018-11-29 https://www.exploit-db.com/exploits/45946/ https://github.com/domainmod/domainmod/issues/82
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. Date published : 2018-11-29 https://www.exploit-db.com/exploits/45941/ https://github.com/domainmod/domainmod/issues/81
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare...
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter. Date published : 2018-11-29 https://github.com/fmsdwifull/tp5cms/issues/6
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type. Date published : 2018-11-29 https://github.com/fmsdwifull/tp5cms/issues/5
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. Date published : 2018-11-29 https://github.com/ossec/ossec-hids/issues/1585
libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. Date published : 2018-11-29 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305 https://usn.ubuntu.com/4190-1/