[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Dec 31 08:10:21 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d02a27fb by security tracker role at 2018-12-31T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2018-20614 (public\install\install.php in CIM 0.9.3 allows remote attackers to ...)
+	TODO: check
+CVE-2018-20613 (TEMMOKU T1.09 Beta allows admin/user/add CSRF. ...)
+	TODO: check
+CVE-2018-20612 (UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. ...)
+	TODO: check
+CVE-2018-20611 (imcat 4.4 allow XSS via a crafted cookie to the ...)
+	TODO: check
+CVE-2018-20610 (imcat 4.4 allows directory traversal via the root/run/adm.php efile ...)
+	TODO: check
+CVE-2018-20609 (imcat 4.4 allows remote attackers to obtain potentially sensitive ...)
+	TODO: check
+CVE-2018-20608 (imcat 4.4 allows remote attackers to read phpinfo output via the ...)
+	TODO: check
+CVE-2018-20607 (imcat 4.4 allows remote attackers to obtain potentially sensitive ...)
+	TODO: check
+CVE-2018-20606 (imcat 4.4 allows full path disclosure via a ...)
+	TODO: check
+CVE-2018-20605 (imcat 4.4 allows remote attackers to execute arbitrary PHP code by ...)
+	TODO: check
+CVE-2018-20604 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via ...)
+	TODO: check
+CVE-2018-20603 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html ...)
+	TODO: check
+CVE-2018-20602 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the ...)
+	TODO: check
+CVE-2018-20601 (UCMS 1.4.7 has XSS via the description parameter in an index.php ...)
+	TODO: check
+CVE-2018-20600 (sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit ...)
+	TODO: check
+CVE-2018-20599 (UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by ...)
+	TODO: check
+CVE-2018-20598 (UCMS 1.4.7 has ?do=user_addpost CSRF. ...)
+	TODO: check
+CVE-2018-20597 (UCMS 1.4.7 has XSS via the dir parameter in an index.php ...)
+	TODO: check
 CVE-2018-20596 (Jspxcms v9.0.0 allows SSRF. ...)
 	NOT-FOR-US: Jspxcms
 CVE-2018-20595 (A CSRF issue was discovered in ...)
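
Review bot: All 18 added entries, CVE-2018-20597 through CVE-2018-20614, are committed with only "TODO: check", so none of them carries a triage state yet. Each needs a follow-up that replaces the TODO with a resolved state, in the way the adjacent context entry CVE-2018-20596 is marked "NOT-FOR-US: Jspxcms". The additions cluster by product (seven for imcat 4.4, five for UCMS 1.4.7, three for LFCMS 3.8.6, and one each for CIM 0.9.3, TEMMOKU T1.09 Beta and UWA 2.3.11), so checking each product once against the archive would settle its whole group in one pass.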



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d02a27fb665031d2b9f320f07d4144aa2ad0d09c
