Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Date published :...
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Date published : 2018-12-28 https://github.com/jbeder/yaml-cpp/issues/654
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Date published : 2018-12-28 https://github.com/jbeder/yaml-cpp/issues/655
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. Date published : 2018-12-28 https://github.com/wuzhicms/wuzhicms/issues/166
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.PublicConfigconfig.ini.php to read the global configuration file. Date published : 2018-12-28 https://github.com/AutismJH/damicms/issues/1
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. Date published : 2018-12-28 https://github.com/mdadams/jasper/issues/191 https://www.oracle.com/security-alerts/cpuapr2020.html
user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Date published : 2018-12-28 https://github.com/nabby27/CMS/pull/2
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. Date published : 2018-12-28 https://github.com/nabby27/CMS/pull/2
An issue was discovered in DouCo DouPHP 1.5 20181221. installindex.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. Date published : 2018-12-28 https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#reloadapplication
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. Date published : 2018-12-28 https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#information-disclosure
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. Date published : 2018-12-28 https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss1
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. Date published : 2018-12-28 https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss4
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. Date published : 2018-12-28 https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss9
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. Date published : 2018-12-28 https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss6