Security Vulnerabilities - CVEs Published In November 2018
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-11-12
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2018-11-12
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2018-11-12