[Git][security-tracker-team/security-tracker][master] automatic update

Mon, 31 Dec 2018 00:10:57 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d02a27fb by security tracker role at 2018-12-31T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2018-20614 (public\install\install.php in CIM 0.9.3 allows remote 
attackers to ...)
+       TODO: check
+CVE-2018-20613 (TEMMOKU T1.09 Beta allows admin/user/add CSRF. ...)
+       TODO: check
+CVE-2018-20612 (UWA 2.3.11 allows 
index.php?g=admin&c=admin&a=add_admin_do CSRF. ...)
+       TODO: check
+CVE-2018-20611 (imcat 4.4 allow XSS via a crafted cookie to the ...)
+       TODO: check
+CVE-2018-20610 (imcat 4.4 allows directory traversal via the root/run/adm.php 
efile ...)
+       TODO: check
+CVE-2018-20609 (imcat 4.4 allows remote attackers to obtain potentially 
sensitive ...)
+       TODO: check
+CVE-2018-20608 (imcat 4.4 allows remote attackers to read phpinfo output via 
the ...)
+       TODO: check
+CVE-2018-20607 (imcat 4.4 allows remote attackers to obtain potentially 
sensitive ...)
+       TODO: check
+CVE-2018-20606 (imcat 4.4 allows full path disclosure via a ...)
+       TODO: check
+CVE-2018-20605 (imcat 4.4 allows remote attackers to execute arbitrary PHP 
code by ...)
+       TODO: check
+CVE-2018-20604 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal 
via ...)
+       TODO: check
+CVE-2018-20603 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows 
admin.php?s=/Member/add.html ...)
+       TODO: check
+CVE-2018-20602 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure 
via the ...)
+       TODO: check
+CVE-2018-20601 (UCMS 1.4.7 has XSS via the description parameter in an 
index.php ...)
+       TODO: check
+CVE-2018-20600 (sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php 
sadmin_cedit ...)
+       TODO: check
+CVE-2018-20599 (UCMS 1.4.7 allows remote attackers to execute arbitrary PHP 
code by ...)
+       TODO: check
+CVE-2018-20598 (UCMS 1.4.7 has ?do=user_addpost CSRF. ...)
+       TODO: check
+CVE-2018-20597 (UCMS 1.4.7 has XSS via the dir parameter in an index.php ...)
+       TODO: check
 CVE-2018-20596 (Jspxcms v9.0.0 allows SSRF. ...)
        NOT-FOR-US: Jspxcms
 CVE-2018-20595 (A CSRF issue was discovered in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d02a27fb665031d2b9f320f07d4144aa2ad0d09c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d02a27fb665031d2b9f320f07d4144aa2ad0d09c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to