Monthly Archive: December 2018

imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure4

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#getshell

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#directory-traversal

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#csrf

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure

UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#xss3

sadmincedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#xss2

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#getshell

UCMS 1.4.7 has ?do=user_addpost CSRF. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#csrf

UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. Date published : 2018-12-30 https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#xss1

Jspxcms v9.0.0 allows SSRF. Date published : 2018-12-30 https://gitee.com/jspxcms/Jspxcms/issues/IQAHK

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. Date published...

An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. Date published : 2018-12-30 https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f https://github.com/hs-web/hsweb-framework/issues/107

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. Date published : 2018-12-30 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNWF6BAU7S42O4LE4B74KIMHFE2HDNMI/