CVE-2019-9113
Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a. Date published : 2019-02-24 https://github.com/libming/libming/issues/171
The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in _sde_debugfs_conn_cmd_tx_write in...
The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in sde_evtlog_filter_write in...
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. Date published : 2019-02-24 https://gist.github.com/redeye5/470708bd27ed115b29d0434255b9f7a0 https://github.com/wuzhicms/wuzhicms/issues/170
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. Date published : 2019-02-24 https://gist.github.com/redeye5/57ccafea7263efec67c82b0503c72480 https://github.com/wuzhicms/wuzhicms/issues/172
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. Date published : 2019-02-24 https://gist.github.com/redeye5/ebfef23f0a063b82779151f9cde8e480 https://github.com/wuzhicms/wuzhicms/issues/171
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. Date published : 2019-02-24 https://gist.github.com/redeye5/ccbbc43330cc9821062249b78c916317 https://github.com/wuzhicms/wuzhicms/issues/169
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. Date published : 2019-02-24 https://www.exploit-db.com/exploits/46488/ http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the PendingCommand class in PendingCommand.php....
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. Date published : 2019-02-24 https://github.com/NS-Sp4ce/ZZCMS-XSS/blob/master/xss.md
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote...
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect...
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. Date published : 2019-02-23 https://www.exploit-db.com/exploits/46549/ https://cxsecurity.com/issue/WLB-2018120091
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with...