CVE-2018-9990
CVE-2018-9990 affects Zulip Server prior to 1.7.2, where an XSS flaw exists in stream names used by the topic typeahead. Affected product is Zulip Server; root cause is an XSS in the UI typeahead for stream names (no exploit details provided in the documents). The issue is mitigated by updating t...
Cross-site scripting vulnerability in DedeCMS V5.7 SP2 official system "Topic Management".
The Weaving Dream content management system (DedeCMS) is an open-source PHP website management system. A cross-site scripting vulnerability exists in the "Topic Management" section of DedeCMS V5.7 SP2. Attackers can insert malicious JavaScript code in the page to obtain user cookies and other information,...
Enhancesoft osTicket Cross-Site Scripting Vulnerability
osTicket is an open-source ticketing system from Enhancesoft, a U.S. company. A cross-site scripting vulnerability exists in /ajax.php/form/help-topic in Enhancesoft osTicket versions prior to 1.10.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the he...
EPIC MyChart - X-Path Injection
Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChart® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software Link: N/A Version: N/A Tested o...
Discourse: Gaining access to private topics using quoting feature
Description: Some topics have limited access to certain groups and users, and while there exists a validation for access on this topic, it can be bypassed by abusing a vulnerability in the "onebox" quoting feature. When pasting a link in a reply, if this link happens to be a link to another topic ...
MGASA-2018-0069 Updated irssi packages fix security vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5205). Joseph Bisch discovered that...
USN-3527-1 irssi vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5205). Joseph Bisch discovered that...
CVE-2018-5206
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer...
phpbb3 -- multiple issues
The phpBB developers report: Password updater working with PostgreSQL - The cron for updating legacy password hashes was running invalid queries on PostgreSQL. Deleting orphaned attachments w/ large number of orphaned attachments - Orphaned attachment deletion was improved to be able to delete them...
Null pointer dereference
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer...
ALPINE-CVE-2018-5206
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer...
DEBIAN-CVE-2018-5206
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer...
UBUNTU-CVE-2018-5206
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer...
Vanilla Forums Cross-Site Request Forgery Vulnerability
Vanilla Forums is a PHP-based open-source forum program from the Canadian company Vanilla Forums. A cross-site request forgery vulnerability exists in versions of Vanilla Forums prior to 2.1.5. A remote attacker can exploit this vulnerability to delete topics and comments on the forum...