Monthly Archive: December 2018

In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated...

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx. Date published : 2018-12-30 https://github.com/libming/libming/issues/168

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. Date published : 2018-12-30 https://github.com/nabby27/CMS/pull/3

Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. Date published : 2018-12-30 https://github.com/nabby27/CMS/pull/3

lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. Date published : 2018-12-30 https://github.com/caryll/otfcc/issues/59

JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. Date published : 2018-12-30 http://www.securityfocus.com/bid/106356 https://security.gentoo.org/glsa/201908-03

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character...

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an...

ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged...

DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for...

Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an ‘{‘ or ‘[‘ character. Date published : 2018-12-28 https://github.com/contiki-ng/contiki-ng/issues/601

An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop....

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Date published : 2018-12-28...

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...