CVE-2019-8421
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. Date published : 2019-02-17 https://github.com/bagesoft/bagecms/issues/5
Monthly Archive: February 2019
CVE-2019-8419
VNote 2.2 has XSS via a new text note. Date published : 2019-02-17 https://github.com/tamlok/vnote/issues/564
CVE-2019-8418
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. Date published : 2019-02-17 https://github.com/seacms/seacms-v7.2/issues/2
CVE-2019-8413
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661)....
CVE-2019-8412
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-.. or index.php?s=Admin-Data-Del-id-.. directory traversal. Date published : 2019-02-17 https://github.com/615/cms_vuln/blob/master/feifei.docx
CVE-2019-8411
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. Date published : 2019-02-17 https://github.com/615/VulnPoC/issues/1
CVE-2019-8408
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice. Date published : 2019-02-17 https://github.com/Self-Evident/OneFileCMS/issues/51
CVE-2019-8407
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. Date published : 2019-02-17 https://github.com/Neeke/HongCMS/issues/7
CVE-2019-8400
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. Date published : 2019-02-17 https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06
CVE-2019-8398
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. Date published : 2019-02-17 https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
CVE-2019-8397
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. Date published : 2019-02-17 https://github.com/magicSwordsMan/PAAFS/tree/master/vul5
CVE-2019-8396
A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an...
CVE-2019-8393
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. Date published : 2019-02-17 https://github.com/FantasticLBP/Hotels_Server/issues/4
CVE-2019-7649
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. Date published : 2019-02-17 https://github.com/arterli/CmsWing/issues/41