CVE-2017-17858
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
Source: CVE-2017-17858
CVE-2018-1043
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
Source: CVE-2018-1043
CVE-2018-1044
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
Source: CVE-2018-1044
CVE-2016-10709
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a ‘|’ character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Source: CVE-2016-10709
CVE-2018-5968
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Source: CVE-2018-5968
CVE-2017-18047
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
Source: CVE-2017-18047
CVE-2018-5960
Zenario v7.1 – v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories – Edit` module.
Source: CVE-2018-5960
CVE-2018-5961
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
Source: CVE-2018-5961