- Sara Peters - Dark Reading News Desk Live at Black Hat USA 2018

From DHS/US-CERT’s National Vulnerability Database

CVE-2018-14958
PUBLISHED: -08-05

An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.

CVE-2018-14959
PUBLISHED: 2018-08-05

An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.

CVE-2018-14939
PUBLISHED: 2018-08-05


The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impa…

CVE-2018-14940
PUBLISHED: 2018-08-05

PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.

CVE-2018-14941
PUBLISHED: 2018-08-05

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.


