CVE-2017-18258
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Source: CVE-2017-18258
CVE-2018-6905
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS[‘TYPO3_CONF_VARS’][‘SYS’][‘sitename’], as demonstrated by an admin entering a crafted site name during the installation process.
Source: CVE-2018-6905
CVE-2018-9852
In Gxlcms QY v1.0.0713, LibLibActionHomeHitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.
Source: CVE-2018-9852
CVE-2018-9851
In Gxlcms QY v1.0.0713, LibLibActionAdminTplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of ‘|’ instead of ‘/’ as a directory separator, in conjunction with a ".." sequence.
Source: CVE-2018-9851
CVE-2018-9850
In Gxlcms QY v1.0.0713, LibLibActionAdminDataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
Source: CVE-2018-9850
CVE-2018-9848
In Gxlcms QY v1.0.0713, the upload function in LibLibActionAdminUploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request.
Source: CVE-2018-9848
CVE-2018-9325
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names.
Source: CVE-2018-9325
CVE-2018-9847
In Gxlcms QY v1.0.0713, the update function in LibLibActionAdminTplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
Source: CVE-2018-9847
CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it’s possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
Source: CVE-2018-9846
CVE-2018-9326
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code.
Source: CVE-2018-9326