Security Vulnerabilities - CVEs Published In October 2018
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-29
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-29
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)
CVSS Score
7.2
EPSS Score
0.003
Published
2018-10-29
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-29
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)
CVSS Score
7.2
EPSS Score
0.003
Published
2018-10-29
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-29
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-29
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.004
Published
2018-10-29
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.004
Published
2018-10-29
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-10-29