CVE-2018-10295

ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account.

Source: CVE-2018-10295

CVE-2018-10296

MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.

Source: CVE-2018-10296

CVE-2018-10286

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.

Source: CVE-2018-10286

CVE-2018-9245

The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.

Source: CVE-2018-9245

CVE-2018-10285

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.

Source: CVE-2018-10285

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

Source: CVE-2018-10289

CVE-2018-10265

An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.

Source: CVE-2018-10265

CVE-2018-10268

An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the applicationapicontrollerUser.php avatar parameter.

Source: CVE-2018-10268

CVE-2018-10266

BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.

Source: CVE-2018-10266

CVE-2018-10267

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.

Source: CVE-2018-10267