Dark Reading
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2018-19349
PUBLISHED: 2018-11-17

In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.

CVE-2018-19350
PUBLISHED: 2018-11-17

In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.

CVE-2018-19341
PUBLISHED: 2018-11-17

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader…

CVE-2018-19342
PUBLISHED: 2018-11-17

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000…

CVE-2018-19343
PUBLISHED: 2018-11-17

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul…
