Archive for June, 2019

CVE-2018-20848

Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
Source: NIST

CVE-2019-13086

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has SQL injection in member/login/check, reachable by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.
Source: NIST

CVE-2019-13084

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.
Source: NIST

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through the unauthenticated file upload feature in lp_upload.php. The ZIP archive is extracted before its content is checked, and once extracted, the files are not checked recursively, so a .php file placed inside a subfolder of the archive is accepted without any checks. Because the extracted file is reachable from the website, this results in remote code execution. This is related to a scorm imsmanifest.xml file, the import_package function, and extraction in $courseSysDir.$newDir.
Source: NIST

CVE-2019-13085

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.
Source: NIST

CVE-2019-13083

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.
Source: NIST

CVE-2019-11822

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
Source: NIST

CVE-2019-11825

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
Source: NIST

CVE-2019-11826

Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
Source: NIST

CVE-2019-11827

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter.
Source: NIST