CVE-2018-11433
The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.
Source: CVE-2018-11433
[월:] 2018년 05월
CVE-2018-11559
CVE-2018-11559
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.
Source: CVE-2018-11559
CVE-2018-11557
CVE-2018-11557
YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter.
Source: CVE-2018-11557
CVE-2018-11556
CVE-2018-11556
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file.
Source: CVE-2018-11556
CVE-2018-11233
CVE-2018-11233
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
Source: CVE-2018-11233
CVE-2018-11555
CVE-2018-11555
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file.
Source: CVE-2018-11555
CVE-2018-11558
CVE-2018-11558
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.
Source: CVE-2018-11558
CVE-2018-11235
CVE-2018-11235
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone –recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Source: CVE-2018-11235
CVE-2018-11544
CVE-2018-11544
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
Source: CVE-2018-11544
CVE-2018-11549
CVE-2018-11549
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
Source: CVE-2018-11549