CVE-2019-8421
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
Source: CVE-2019-8421
[월:] 2019년 02월
CVE-2019-8419 (vnote)
CVE-2019-8418
CVE-2019-7649
CVE-2019-7649
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
Source: CVE-2019-7649
CVE-2019-8411 (zzcms)
CVE-2019-8411 (zzcms)
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.
Source: CVE-2019-8411 (zzcms)
CVE-2019-8412
CVE-2019-8412
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-.. or index.php?s=Admin-Data-Del-id-.. directory traversal.
Source: CVE-2019-8412
CVE-2019-8413
CVE-2019-8413
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
Source: CVE-2019-8413
CVE-2019-8408 (onefilecms)
CVE-2019-8408 (onefilecms)
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice.
Source: CVE-2019-8408 (onefilecms)
CVE-2019-8407 (hongcms)
CVE-2019-8407 (hongcms)
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
Source: CVE-2019-8407 (hongcms)
CVE-2018-20782 (woocommerce)
CVE-2018-20782 (woocommerce)
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.
Source: CVE-2018-20782 (woocommerce)