CVE-2018-17320
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
Source: CVE-2018-17320
[월:] 2018년 09월
CVE-2018-17317
CVE-2018-17317
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.
Source: CVE-2018-17317
CVE-2018-17174
CVE-2018-17174
A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data.
Source: CVE-2018-17174
CVE-2018-17173
CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
Source: CVE-2018-17173
CVE-2018-17141
CVE-2018-17141
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
Source: CVE-2018-17141
CVE-2018-16965
CVE-2018-16965
In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Source: CVE-2018-16965
CVE-2018-16822
CVE-2018-16822
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
Source: CVE-2018-16822
CVE-2018-17050
CVE-2018-17050
The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
Source: CVE-2018-17050
CVE-2018-17003
CVE-2018-17003
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
Source: CVE-2018-17003
CVE-2018-16833
CVE-2018-16833
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
Source: CVE-2018-16833