CVE-2018-12626
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. Date published : 2019-07-10 https://github.com/eventum/eventum/releases/tag/v3.5.2 https://github.com/eventum/eventum/blob/master/CHANGELOG.md
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. Date published : 2019-07-10 https://github.com/eventum/eventum/releases/tag/v3.5.2 https://github.com/eventum/eventum/blob/master/CHANGELOG.md
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. Date published : 2019-07-10 https://github.com/eventum/eventum/releases/tag/v3.5.2 https://github.com/eventum/eventum/blob/master/CHANGELOG.md
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. Date published : 2019-07-10 https://github.com/eventum/eventum/releases/tag/v3.5.2 https://github.com/eventum/eventum/blob/master/CHANGELOG.md
In e107 v2.1.7, output without filtering results in XSS. Date published : 2019-07-10 https://github.com/e107inc/e107/issues/3170
An issue was discovered in the America’s Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS...
Command injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root. Date published : 2019-07-10 https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to crash the SSH CLI interface by using crafted commands. Date published : 2019-07-10 https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7
Path traversal vulnerability in versions up to v1.1.3 of the serve-here.js npm module allows attackers to list any file in an arbitrary folder. Date published : 2019-07-10 https://hackerone.com/reports/569966
There is a path traversal vulnerability in Huawei Share. The software does not properly validate the path; an attacker could craft a file path when transporting a file through Huawei Share. A successful exploit could allow...
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission; an attacker could perform a certain operation at a certain step of the setup wizard. Successful...
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability...
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. Date published : 2019-07-10 http://www.securityfocus.com/bid/109117 https://fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing/
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. Date published : 2019-07-10 https://fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing/ https://github.com/cesanta/mongoose/pull/1035