Security Vulnerabilities - CVEs Published In August 2018
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker must send an authenticated HTTP request to trigger this vulnerability.
CVSS Score: 8.5 | EPSS Score: 0.006 | Published: 2018-08-06

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-08-06

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-08-06

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-08-06

An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-08-06

An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-08-06

Drupal core 8 before version 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
CVSS Score: 9.8 | EPSS Score: 0.67 | Published: 2018-08-06

Xiao5uCompany 1.7 has CSRF via admin/Admin.asp.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2018-08-06

dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-08-06

zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-08-06

