3660 matches found
CVE-2017-17636
The CVE-2017-17636 entry concerns MLM Forced Matrix 2.0.9 with a SQL injection in news-detail.php using the newid parameter. The vulnerability is described as exploitable remotely without authentication, with impact on confidentiality, integrity, and availability (per CVSS metrics: CVSSv2 base 7....
November 22, 2017—KB4055254 (OS Build 15063.729)
November 22, 2017—KB4055254 OS Build 15063.729 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects some Epson SIDM Dot Matrix and TM POS printers that won't pri...
November 27, 2017—KB4051034 (Preview of Monthly Rollup)
November 27, 2017—KB4051034 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4048957 released November 14, 2017 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addressed...
MLM Forced Matrix 2.0.9 - newid SQL Injection
MLM Forced Matrix 2.0.9 - newid SQL Injection Exploit Title: MLM Forced Matrix 2.0.9 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/mlm-forced-matrix/ Version: 2.0.9 Category: Webapps Tested on:...
Squiz Matrix Matrix WYSIWYG plugin cross-site scripting vulnerability
Squiz Matrix is an enterprise content management system from Squiz Australia. Matrix WYSIWYG plugins is a WYSIWYG editor plugin used in it. A cross-site scripting vulnerability exists in the Matrix WYSIWYG plugin in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remo...
Squiz Matrix File Bridge Plugin Path Traversal Vulnerability
Squiz Matrix is an enterprise content management system from Squiz Australia. File Bridge plugin is a file bridging plugin used in... A path traversal vulnerability exists in the File Bridge plugin in Squiz Matrix versions 5.3 through 5.3.6.1 and 5.4.1.3. An attacker could use this vulnerability t...
Squiz Matrix Remote Code Execution Vulnerability
Squiz Matrix is an enterprise content management system from Squiz Australia. A remote code execution vulnerability exists in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remote attacker can exploit the vulnerability to execute code with the help of a maliciously...
CVE-2017-14197
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...
CVE-2017-14198
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution RCE via a maliciously crafted timeformat tag...
CVE-2017-14196
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed...
Cross site scripting
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...
Path traversal
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed...
Remote code execution
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution RCE via a maliciously crafted timeformat tag...
CVE-2017-14196
Summary: CVE-2017-14196 is a path traversal information-disclosure vulnerability in Squiz Matrix, affecting the File Bridge plugin. Affected versions: 5.3 through 5.3.6.1 and 5.4.1.3. Root cause/impact: a path traversal flaw allows an attacker to confirm the existence of files outside the bridged...
CVE-2017-14197
Squiz Matrix WYSIWYG plugin is affected by multiple reflected XSS issues. Affected: Matrix WYSIWYG plugins in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Impact: remote attacker can inject arbitrary web script or HTML. Remediation: upgrade to 5.3.6.1 or 5.4.1.3 (or newer) where fixed.
CVE-2017-14198
Summary: CVE-2017-14198 affects Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. The connected CNVD/NVD entries corroborate the affected versions an...