Author: Cyberthreat Blog

There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.

In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.

An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to...

An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php.

An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and...