CVE-2018-10391
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
Source: CVE-2018-10391
[월:] 2018년 04월
CVE-2018-10424
CVE-2018-10424
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.
Source: CVE-2018-10424
CVE-2018-10422
CVE-2018-10422
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.
Source: CVE-2018-10422
CVE-2018-10423
CVE-2018-10423
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.
Source: CVE-2018-10423
CVE-2018-10381
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
Source: CVE-2018-10381
CVE-2018-8837
CVE-2018-8837
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.
Source: CVE-2018-8837
CVE-2018-8835
CVE-2018-8835
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
Source: CVE-2018-8835
CVE-2018-8833
CVE-2018-8833
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
Source: CVE-2018-8833
CVE-2018-1335
CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
Source: CVE-2018-1335
CVE-2018-5226
CVE-2018-5226
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.
Source: CVE-2018-5226