Security Vulnerabilities - CVEs Published In June 2018
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-06-05
RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-06-05
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-06-05
plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-06-05
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-06-05
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-06-05
An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-06-05
An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-06-05
nZEDb v0.7.3.3 has XSS in the 404 error page.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-06-05
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-05