161 matches found
Mozilla Firefox ESR Security Advisories (MFSA2018-15, MFSA2018-17) - 01 - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Mozilla Firefox ESR Security Advisories (MFSA2018-15, MFSA2018-17) - 01 - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Security vulnerabilities fixed in Firefox 61 — Mozilla
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...
qcms/fuzz: Use-of-uninitialized-value in clamp_float
Detailed report: https://oss-fuzz.com/testcase?key=5718259826425856 Project: qcms Fuzzer: libFuzzerqcmsfuzz Fuzz target binary: fuzz Job Type: libfuzzermsanqcms Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: clampfloat qcmstransformmodulematrix...
qcms/fuzz: Heap-buffer-overflow in qcms_transform_module_clut_only
Detailed report: https://oss-fuzz.com/testcase?key=4902996180729856 Project: qcms Fuzzer: libFuzzerqcmsfuzz Fuzz target binary: fuzz Job Type: libfuzzerasanqcms Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x6030000000e0 Crash State: qcmstransformmoduleclutonly...
qcms/fuzz: Use-of-uninitialized-value in clamp_float
Detailed report: https://oss-fuzz.com/testcase?key=6234196346404864 Project: qcms Fuzzer: libFuzzerqcmsfuzz Fuzz target binary: fuzz Job Type: libfuzzermsanqcms Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: clampfloat qcmstransformmodulematrix...
qcms/fuzz: Heap-buffer-overflow in qcms_transform_module_clut_only
Detailed report: https://oss-fuzz.com/testcase?key=5982351954804736 Project: qcms Fuzzer: aflqcmsfuzz Fuzz target binary: fuzz Job Type: aflasanqcms Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x6090000002b4 Crash State: qcmstransformmoduleclutonly...
qcms/fuzz: Use-of-uninitialized-value in read_nested_curveType
Detailed report: https://oss-fuzz.com/testcase?key=5644688471097344 Project: qcms Fuzzer: libFuzzerqcmsfuzz Fuzz target binary: fuzz Job Type: libfuzzermsanqcms Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: readnestedcurveType readtaglutmABType...
QCMS最新版3.0.1后台登录验证可绕过,结合任意文件上传可前台getshell
...
CVE-2018-8069
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...
CVE-2018-8070
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...
CVE-2018-8069
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...
CVE-2018-8070
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...
Design/Logic Flaw
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...
CVE-2018-8069
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...
CVE-2018-8070
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI...
CVE-2018-8070
CVE-2018-8070 describes an XSS vulnerability in QCMS 3.0 triggered by the title parameter to the /guest/index.html URI. The issue is due to improper handling of user-supplied input in that parameter, enabling cross-site scripting. Multiple connected sources (Red Hat, CNVD, and others) confirm the...
CVE-2018-8069
QCMS 3.0 is affected by a cross-site scripting vulnerability: an attacker can inject arbitrary script via the webname parameter in the /backend/system.html URI. The issue is reported across multiple sources (NVD CVE-2018-8069 and Red Hat/CNVD entries). The root cause is improper handling/encoding...
QCMS Cross-Site Scripting Vulnerability
QCMS is an open source content management system CMS for creating responsive websites. A cross-site scripting vulnerability exists in QCMS version 3.0. A remote attacker can exploit this vulnerability by sending the 'webname' parameter to the /backend/system.html URI to inject arbitrary web scrip...
The vulnerability of the Firefox browser allows a remote attacker to gain access to the dynamic memory of the process or trigger a service denial-of-service attack.
The vulnerability of the Firefox browser in the implementation of the QCMS component allows a malicious actor to gain access to confidential information from the dynamic memory of the process, or to trigger a service failure reading beyond the boundaries of the system by using an image that is...