Security Vulnerabilities - CVEs Published In November 2018
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.
CVSS Score
5.9
EPSS Score
0.002
Published
2018-11-22
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-22
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-11-22
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-11-22
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-11-22
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-11-22
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.
CVSS Score
6.5
EPSS Score
0.01
Published
2018-11-22
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
CVSS Score
3.8
EPSS Score
0.002
Published
2018-11-21
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
CVSS Score
3.8
EPSS Score
0.002
Published
2018-11-21
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
CVSS Score
7.2
EPSS Score
0.812
Published
2018-11-21