CVE-2018-14954
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
Source: CVE-2018-14954
CVE-2018-14940
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.
Source: CVE-2018-14940
CVE-2018-14953
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
Source: CVE-2018-14953
CVE-2018-14951
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
Source: CVE-2018-14951
CVE-2018-14944
An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write.
Source: CVE-2018-14944
CVE-2018-14948
An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).
Source: CVE-2018-14948
CVE-2018-14950
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
Source: CVE-2018-14950
CVE-2018-14947
An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).
Source: CVE-2018-14947
CVE-2018-14942
Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data.
Source: CVE-2018-14942
CVE-2018-14941
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.
Source: CVE-2018-14941