EUVD-2018-8743

Malware in sbrugna...

upnp -- denial of service (crash)

CVE mitre reports: Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/servicetable/servicetable.c...

raptor2 -- buffer overflow

CVE MITRE reports: raptorxmlwriterstartelementcommon in raptorxmlwriter.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows sometimes seen in raptorqnameformatasxml...

Western Digital My Net Wireless Routers - Password Disclosure

No description provided by source. Vulnerable Systems: Western Digital My Net Series Wireless Routers: N600 Firmware 1.03.12 N600 Firmware 1.04.16 N750 Firmware 1.03.12 N750 Firmware 1.04.16 N900 Firmware 1.05.12 N900 Firmware 1.06.18 N900 Firmware 1.06.28 N900C Firmware 1.05.12 N900C Firmware...

php5-sqlite -- open_basedir bypass

MITRE CVE team reports: The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors...

SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability

Summary SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores for your clients. Description SetSeed CMS is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input...

punbb -- NULL byte injection vulnerability

CVE Mitre reports: PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to adminoptions.php with an avatarsdir parameter ending in %00. NOTE:...