CVE-2018-5658

CVE: CVE-2018-5658
Published: 2018-01-13T00:29Z
Vendor: responsive_coming_soon_page_project
Products: responsive_coming_soon_page
Versions: 1.1.18
Description Language: en
Description: An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md
https://wpvulndb.com/vulnerabilities/9010

CVE-2018-5657

CVE: CVE-2018-5657
Published: 2018-01-13T00:29Z
Vendor: responsive_coming_soon_page_project
Products: responsive_coming_soon_page
Versions: 1.1.18
Description Language: en
Description: An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md
https://wpvulndb.com/vulnerabilities/9010

CVE-2018-5656

CVE: CVE-2018-5656
Published: 2018-01-13T00:29Z
Vendor: weblizar
Products: pinterest-feeds
Versions: 1.1.1
Description Language: en
Description: An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md

CVE-2018-5655

CVE: CVE-2018-5655
Published: 2018-01-13T00:29Z
Vendor: weblizar
Products: pinterest-feeds
Versions: 1.1.1
Description Language: en
Description: An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md

CVE-2018-5654

CVE: CVE-2018-5654
Published: 2018-01-13T00:29Z
Vendor: weblizar
Products: pinterest-feeds
Versions: 1.1.1
Description Language: en
Description: An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md
https://wpvulndb.com/vulnerabilities/9009

CVE-2018-5653

CVE: CVE-2018-5653
Published: 2018-01-13T00:29Z
Vendor: weblizar
Products: pinterest-feeds
Versions: 1.1.1
Description Language: en
Description: An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md
https://wpvulndb.com/vulnerabilities/9009

CVE-2018-5652

CVE: CVE-2018-5652
Published: 2018-01-13T00:29Z
Vendor: dark_mode_project
Products: dark_mode
Versions: 1.6
Description Language: en
Description: An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md
https://wpvulndb.com/vulnerabilities/9008

CVE-2018-5651

CVE: CVE-2018-5651
Published: 2018-01-13T00:29Z
Vendor: dark_mode_project
Products: dark_mode
Versions: 1.6
Description Language: en
Description: An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md
https://wpvulndb.com/vulnerabilities/9008

CVE-2018-0486

CVE: CVE-2018-0486
Published: 2018-01-13T18:29Z
Vendor: debian
Products: debian_linux
Versions: 7.0, 8.0, 9.0
Description Language: en
Description: Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
References:
http://www.securitytracker.com/id/1040177
https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html
https://lists.debian.org/debian-security-announce/2018/msg00007.html
https://shibboleth.net/community/advisories/secadv_20180112.txt
https://www.debian.org/security/2018/dsa-4085

CVE-2018-5650

CVE: CVE-2018-5650
Published: 2018-01-12T22:29Z
Vendor: long_range_zip_project
Products: long_range_zip
Versions: 0.631
Description Language: en
Description: In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
References:
https://github.com/ckolivas/lrzip/issues/88

CVE-2018-5377

CVE: CVE-2018-5377
Published: 2018-01-12T09:29Z
Vendor: discuz
Products: discuzx
Versions: x3.4
Description Language: en
Description: Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
References:
http://www.whsgwl.net/text.php?textid=36

CVE-2018-5376

CVE: CVE-2018-5376
Published: 2018-01-12T09:29Z
Vendor: discuz
Products: discuzx
Versions: x3.4
Description Language: en
Description: Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
References:
http://www.whsgwl.net/text.php?textid=35

CVE-2018-5375

CVE: CVE-2018-5375
Published: 2018-01-12T09:29Z
Vendor: discuz
Products: discuzx
Versions: x3.4
Description Language: en
Description: Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
References:
http://www.whsgwl.net/text.php?textid=34

CVE-2018-5374

CVE: CVE-2018-5374
Published: 2018-01-12T09:29Z
Vendor: slidervilla
Products: dbox_slider
Versions: 1.2.2
Description Language: en
Description: The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
References:
http://www.defensecode.com/advisories/DC-2017-01-003_WordPress_Dbox_3D_Slider_Lite_Plugin_Advisory.pdf

CVE-2018-5373

CVE: CVE-2018-5373
Published: 2018-01-12T09:29Z
Vendor: slidervilla
Products: smooth_slider
Versions: 2.8.6
Description Language: en
Description: The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).
References:
http://www.defensecode.com/advisories/DC-2018-01-004_WordPress_Smooth_Slider_Plugin_Advisory.pdf