CVE-2018-1143
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
Source: CVE-2018-1143
CVE-2018-10219
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
Source: CVE-2018-10219
CVE-2017-18261
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
Source: CVE-2017-18261
CVE-2018-10223
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
Source: CVE-2018-10223
CVE-2018-10220
** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation.
Source: CVE-2018-10220
CVE-2018-10224
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
Source: CVE-2018-10224
CVE-2018-10222
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
Source: CVE-2018-10222
CVE-2018-10225
thinkphp 3.1.3 has SQL Injection via the index.php s parameter.
Source: CVE-2018-10225
CVE-2018-10227
MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter.
Source: CVE-2018-10227