CVE-2018-20557

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.

Source: CVE-2018-20557

CVE-2018-20559

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.

Source: CVE-2018-20559

CVE-2018-20558

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.

Source: CVE-2018-20558

CVE-2018-20552

Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.

Source: CVE-2018-20552

CVE-2018-20565

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.

Source: CVE-2018-20565

CVE-2018-20566

An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.

Source: CVE-2018-20566

CVE-2018-20553

Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.

Source: CVE-2018-20553

CVE-2018-20567

An issue was discovered in DouCo DouPHP 1.5 20181221. installindex.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read.

Source: CVE-2018-20567

CVE-2018-20561

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.

Source: CVE-2018-20561

CVE-2018-20563

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.

Source: CVE-2018-20563