CVE-2018-21018
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
Source: CVE-2018-21018
[월:] 2019년 09월
CVE-2019-16694
CVE-2019-16694
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.
Source: CVE-2019-16694
CVE-2019-16693
CVE-2019-16693
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
Source: CVE-2019-16693
CVE-2019-16681
CVE-2019-16681
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
Source: CVE-2019-16681
CVE-2019-16680
CVE-2019-16680
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Source: CVE-2019-16680
CVE-2019-16679
CVE-2019-16679
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Source: CVE-2019-16679
CVE-2019-16678
CVE-2019-16678
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
Source: CVE-2019-16678
CVE-2019-16677
CVE-2019-16677
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
Source: CVE-2019-16677
CVE-2019-16669
CVE-2019-16669
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
Source: CVE-2019-16669
CVE-2019-16656
CVE-2019-16656
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
Source: CVE-2019-16656