» 2017 » 8월

CVE-2017-11158

Posted on 2017년 8월 31일2017년 8월 31일 by admin

CVE-2017-11158

Multiple untrusted search path vulnerabilities in installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.

Source: CVE-2017-11158

CVE-2017-14051 (linux_kernel)

Posted on 2017년 8월 31일2017년 9월 2일 by admin

CVE-2017-14051 (linux_kernel)

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

Source: CVE-2017-14051 (linux_kernel)

CVE-2017-13670 (blackcat_cms)

Posted on 2017년 8월 31일2017년 9월 2일 by admin

CVE-2017-13670 (blackcat_cms)

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.

Source: CVE-2017-13670 (blackcat_cms)

CVE-2017-14050 (blackcat_cms)

Posted on 2017년 8월 31일2017년 9월 2일 by admin

CVE-2017-14050 (blackcat_cms)

In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.

Source: CVE-2017-14050 (blackcat_cms)

CVE-2017-14048 (blackcat_cms)

Posted on 2017년 8월 31일2017년 9월 2일 by admin

CVE-2017-14048 (blackcat_cms)

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.

Source: CVE-2017-14048 (blackcat_cms)

CVE-2017-14049 (blackcat_cms)

Posted on 2017년 8월 31일2017년 9월 2일 by admin

CVE-2017-14049 (blackcat_cms)

In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.

Source: CVE-2017-14049 (blackcat_cms)

CVE-2017-14048

Posted on 2017년 8월 31일2017년 8월 31일 by admin

CVE-2017-14048

Source: CVE-2017-14048

CVE-2017-13670

Posted on 2017년 8월 31일2017년 8월 31일 by admin

CVE-2017-13670

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file.

Source: CVE-2017-13670

CVE-2017-14049

Posted on 2017년 8월 31일2017년 8월 31일 by admin

CVE-2017-14049

In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.

Source: CVE-2017-14049

CVE-2017-14050

Posted on 2017년 8월 31일2017년 8월 31일 by admin

CVE-2017-14050

In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.

Source: CVE-2017-14050