Security Vulnerabilities - CVEs Published In August 2018
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-08-03
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-08-03
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
CVSS Score
7.5
EPSS Score
0.912
Published
2018-08-03
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-08-03
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
CVSS Score
7.0
EPSS Score
0.003
Published
2018-08-03
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-08-03
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-08-03
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-08-03
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2018-08-03
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-08-03