8851 matches found
CVE-2018-16831
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement...
DEBIAN-CVE-2018-16831
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement...
UBUNTU-CVE-2018-16831
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement...
h-include (=1.0.0), hinclude (>=1.0.1 <=1.1.0) +3 more potentially affected by CVE-2018-3787 via simplehttpserver (>=0.0.6 <=0.1.1)
simplehttpserver NPM version =0.0.6, =1.0.1, =0.0.1, =0.0.2 Source cves: CVE-2018-3787 Source advisory: OSV:GHSA-GPVJ-Q7FP-JCCH...
CVE-2018-15684
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory /include/logs using predictable file names, which can lead to full path disclosure and leakage of sensitive data...
CVE-2018-16343
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf in include/main.class.php does not block use of $GLOBALS...
CVE-2018-16343
SeaCMS 6.61 contains a remote code execution flaw: the parseIf() function in include/main.class.php fails to block use of $GLOBALS, enabling attackers to run arbitrary code. This has been documented across multiple sources (CNVD-2018-19075 and NVD/NVD-derived entries) and is tied to SeaCMS’s PHP ...
Microsoft Outlook 365 - Arbitrary File Upload Vulnerability
Document Title: Microsoft Outlook 365 - Arbitrary File Upload Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1513. Release Date: 2018-08-08. Vulnerability Laboratory ID (VL-ID): ...
Security update for cups (moderate)
This update for cups fixes the following issues: The following security vulnerabilities were fixed: - CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that was causing the DBUS library to abort the calling process. bsc1061066 bsc1087018 - Fixed a local...
Null pointer dereference
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cbmodel.h...
USN-3713-1 cups vulnerabilities
It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. CVE-2017-18248 Dan...
CVE-2018-11588
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php...
Dnsmorph - Domain Name Permutation Engine Written In Go
DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...
Gitmails - An Information Gathering Tool To Collect Git Commit Emails In Version Control Host Services
An information gathering tool to collect git commit emails in version control host services. Overview Gitmails explores the fact that git commits contain a name and an email configured by the author and that version control host services are being used to store a lot of projects. What Gitmails does is:...
File Upload Vulnerability in DedeCMS v5.7 SP2
Dream Content Management System DedeCMS is a PHP open source website management system. A file upload vulnerability exists in the uploads/include/uploadsafe.inc.php file in DedeCMS V5.7 SP2, which can be exploited by an attacker to upload script files and obtain a webshell...
CVE-2018-9145
In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the...