Security Vulnerabilities - CVEs Published In October 2018
SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-10-01
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
CVSS Score
5.5
EPSS Score
0.005
Published
2018-10-01
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-10-01
In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-10-01
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-10-01
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-10-01
An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.
CVSS Score
8.8
EPSS Score
0.011
Published
2018-10-01
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-10-01
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-10-01
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-10-01