CMS Made Simple vulnerabilities and exploits

5
MEDIUM
CVE-2019-9692

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG)....

Cmsmadesimple Cms Made Simple
6.5
MEDIUM
CVE-2019-9693

In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id),...

6.5
MEDIUM
CVE-2019-3921

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially...

Nokia I-240w-q Gpon Ont Firmware
9.3
HIGH
CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new...

10
HIGH
CVE-2018-15982

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution....

NA
CVE-2016-5346

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Google device firmware images have also been released to...

NA
CVE-2018-13149

Awesome CVE PoC A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of...

NA
CVE-2018-6177

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2018-6177: This CVE is addressed in the SUSE advisories openSUSE-SU-2018:2134-1, openSUSE-SU-2018:2135-1....

NA
CVE-2018-4407

Apple macOS is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Kernel component. By sending specially crafted packets, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges....

NA
CVE-2018-9411

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android...