Security Vulnerabilities - CVEs Published In February 2019
Frog CMS 0.9.5 provides a directory listing for a /public request.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-02-11

Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-02-11

admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-02-11

Traq 3.7.1 allows SQL Injection via a tickets?search= URI.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-02-11

Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-02-11

Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.
CVSS Score: 7.2 | EPSS Score: 0.011 | Published: 2019-02-11

Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.
CVSS Score: 7.2 | EPSS Score: 0.011 | Published: 2019-02-11

Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-02-10

An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hls.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2019-02-10

An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2019-02-10