Archive | Security Bulletins RSS feed for this section

CVE-2019-8436

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.

Leave a comment Continue Reading →

CVE-2019-8428

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

Leave a comment Continue Reading →

CVE-2019-7649

global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.

Leave a comment Continue Reading →

CVE-2019-8418

SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.

Leave a comment Continue Reading →

CVE-2019-8421

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.

Leave a comment Continue Reading →

CVE-2019-8422

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in appsadmincontrollercontentContentController.php.

Leave a comment Continue Reading →

CVE-2019-8419

VNote 2.2 has XSS via a new text note.

Leave a comment Continue Reading →

CVE-2019-8411

admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.

Leave a comment Continue Reading →

CVE-2019-8413

On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).

Leave a comment Continue Reading →

CVE-2019-8412

FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-.. or index.php?s=Admin-Data-Del-id-.. directory traversal.

Leave a comment Continue Reading →