CVE-2018-10001
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.
Source: CVE-2018-10001
[월:] 2018년 04월
CVE-2018-10000
CVE-2018-10000
The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event.
Source: CVE-2018-10000
CVE-2017-9839
CVE-2017-9839
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
Source: CVE-2017-9839
CVE-2017-9838
CVE-2017-9838
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters).
Source: CVE-2017-9838
CVE-2017-18260
CVE-2017-18260
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
Source: CVE-2017-18260
CVE-2017-18259
CVE-2017-18259
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
Source: CVE-2017-18259
CVE-2018-9996
CVE-2018-9996
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.
Source: CVE-2018-9996
CVE-2018-9995
CVE-2018-9995
TBK DVR4104 and DVR4216 devices allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Source: CVE-2018-9995
CVE-2016-9645
CVE-2016-9645
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.
Source: CVE-2016-9645
CVE-2018-9993
CVE-2018-9993
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page).
Source: CVE-2018-9993