CVE-2018-14945
An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp.
Source: CVE-2018-14945
[월:] 2018년 08월
CVE-2018-14946
CVE-2018-14946
An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete).
Source: CVE-2018-14946
CVE-2018-14943
CVE-2018-14943
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.
Source: CVE-2018-14943
CVE-2018-14952
CVE-2018-14952
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
Source: CVE-2018-14952
CVE-2018-14939
CVE-2018-14939
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.
Source: CVE-2018-14939
CVE-2018-14938
CVE-2018-14938
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).
Source: CVE-2018-14938
CVE-2018-14937
CVE-2018-14937
The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.
Source: CVE-2018-14937
CVE-2018-14936
CVE-2018-14936
The Add page option in my little forum 2.4.12 allows XSS via the Title field.
Source: CVE-2018-14936
CVE-2018-14933
CVE-2018-14933
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
Source: CVE-2018-14933
CVE-2018-14541
CVE-2018-14541
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
Source: CVE-2018-14541