CVE-2018-11498

In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.

Source: CVE-2018-11498

CVE-2018-11495

OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in adminmodelcatalogdownload.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.

Source: CVE-2018-11495

CVE-2018-11493

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.

Source: CVE-2018-11493

CVE-2018-11489

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Source: CVE-2018-11489

CVE-2018-11490

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode – 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Source: CVE-2018-11490

CVE-2018-11487

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.

Source: CVE-2018-11487

CVE-2018-11474

Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.

Source: CVE-2018-11474

CVE-2018-11471

Cockpit 0.5.5 has XSS via a collection, form, or region.

Source: CVE-2018-11471

CVE-2018-11479

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a .pipeWindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.

Source: CVE-2018-11479

CVE-2018-11475

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.

Source: CVE-2018-11475