An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or...
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. Date published : 2019-04-20 http://www.iwantacve.cn/index.php/archives/208/ https://github.com/vedees/wcms/issues/2
** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI. Date published : 2019-04-20 https://www.exploit-db.com/exploits/46739/ http://packetstormsecurity.com/files/152604/Msvod-10-Cross-Site-Request-Forgery.html
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. Date published : 2019-04-20 https://www.exploit-db.com/exploits/46738/ http://packetstormsecurity.com/files/152603/74CMS-5.0.1-Cross-Site-Request-Forgery.html
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. Date published : 2019-04-20 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOA4AWTRLWVQBZZAKXXQHP7M2NK6CB3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYF5I42OBJR7HKJD2OFS6LP26I52IT3M/
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. Date published : 2019-04-20 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOA4AWTRLWVQBZZAKXXQHP7M2NK6CB3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYF5I42OBJR7HKJD2OFS6LP26I52IT3M/
BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c. Date published : 2019-04-20 https://github.com/lh3/bwa/issues/239
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of...
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by...
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI. Date published : 2019-04-20 https://github.com/rocboss/ROCBOSS/issues/12
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target...
IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147708. Date published : 2019-04-19 http://www.securityfocus.com/bid/108031 http://www.ibm.com/support/docview.wss?uid=ibm10881546
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. Date published : 2019-04-19 https://forum.vestacp.com/viewtopic.php?f=25&t=18599&sid=fc1a48fd2f43815b2dc69c3f64caed36 https://github.com/serghey-rodin/vesta/commit/c28c5d29a3c61bc8110c11349e3f2309cd537cfa