CVE-2020-15025
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC...
playSMS through 1.4.3 is vulnerable to session fixation. Date published: 2020-06-24 https://github.com/antonraharja/playSMS/issues/605
The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document. Date published: 2020-06-24 https://gist.github.com/chppppp/9b003d8416e6d3a89d2873a58af2a95f
pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. Date published: 2020-06-24 https://github.com/pramodmahato/BlogCMS/issues/1
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. Date published: 2020-06-24 https://bugs.launchpad.net/mailman/+bug/1877379 https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html
A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of...
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. Date published: 2020-06-24 https://github.com/bludit/bludit/issues/1212
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so...
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. Date published: 2020-06-24 https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29 https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. Date published: 2020-06-24 https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1 https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240
In Xiaomi router R3600, ROM version
In Xiaomi router R3600, ROM version
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present...
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a...