CVE-2018-5073
Online Ticket Booking has CSRF via admin/movieedit.php.
Source: CVE-2018-5073
[월:] 2018년 01월
CVE-2017-1000487
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
Source: CVE-2017-1000487
CVE-2017-1000486
CVE-2017-1000486
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
Source: CVE-2017-1000486
CVE-2017-1000485
CVE-2017-1000485
Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.
Source: CVE-2017-1000485
CVE-2018-5076
CVE-2018-5076
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.
Source: CVE-2018-5076
CVE-2018-5077
CVE-2018-5077
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.
Source: CVE-2018-5077
CVE-2017-1000462
CVE-2017-1000462
BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.
Source: CVE-2017-1000462
CVE-2018-5075
CVE-2018-5075
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.
Source: CVE-2018-5075
CVE-2018-5074
CVE-2018-5074
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.
Source: CVE-2018-5074
CVE-2017-1000460
CVE-2017-1000460
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
Source: CVE-2017-1000460