CVE-2018-15846

An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator’s password via index.php?p=done&savedata=1.

Source: CVE-2018-15846

CVE-2018-15843

GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.

Source: CVE-2018-15843

CVE-2018-15842

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.

Source: CVE-2018-15842

CVE-2018-15848

An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.

Source: CVE-2018-15848

CVE-2018-15844

An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account’s password via /admin.php?s=/Admin/doedit.

Source: CVE-2018-15844

CVE-2018-15845

There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.

Source: CVE-2018-15845

CVE-2018-15871

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Source: CVE-2018-15871

CVE-2018-15870

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Source: CVE-2018-15870

CVE-2018-15875

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router’s admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

Source: CVE-2018-15875

CVE-2018-15874

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.

Source: CVE-2018-15874