CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).
Source: CVE-2018-9327
[월:] 2018년 04월
CVE-2018-9330
CVE-2018-9330
register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942.
Source: CVE-2018-9330
CVE-2018-9844
CVE-2018-9844
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
Source: CVE-2018-9844
CVE-2018-9841
CVE-2018-9841
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
Source: CVE-2018-9841
CVE-2018-9331
CVE-2018-9331
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.
Source: CVE-2018-9331
CVE-2018-9838
CVE-2018-9838
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.00 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.
Source: CVE-2018-9838
CVE-2013-6876
CVE-2013-6876
The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.
Source: CVE-2013-6876
CVE-2014-1226
CVE-2014-1226
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.
Source: CVE-2014-1226
CVE-2014-2359
CVE-2014-2359
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.
Source: CVE-2014-2359
CVE-2014-3539
CVE-2014-3539
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
Source: CVE-2014-3539