» 2016 » 2월

CVE-2016-2521

Posted on 2016년 2월 28일2016년 2월 28일 by admin

CVE-2016-2521

Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.

Source: CVE-2016-2521

CVE-2016-2572

Posted on 2016년 2월 27일2016년 2월 28일 by admin

CVE-2016-2572

http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Source: CVE-2016-2572

CVE-2016-2571

Posted on 2016년 2월 27일2016년 2월 28일 by admin

CVE-2016-2571

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Source: CVE-2016-2571

CVE-2016-2570

Posted on 2016년 2월 27일2016년 2월 28일 by admin

CVE-2016-2570

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Source: CVE-2016-2570

CVE-2016-2569

Posted on 2016년 2월 27일2016년 2월 28일 by admin

CVE-2016-2569

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Source: CVE-2016-2569

CVE-2015-7261

Posted on 2016년 2월 27일2016년 2월 28일 by admin

CVE-2015-7261

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.

Source: CVE-2015-7261

CVE-2015-7262

Posted on 2016년 2월 27일2016년 2월 28일 by admin

CVE-2015-7262

QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.

Source: CVE-2015-7262

CVE-2015-6036 (sinage_station)

Posted on 2016년 2월 27일2016년 3월 3일 by admin

CVE-2015-6036 (sinage_station)

QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.

Source: CVE-2015-6036 (sinage_station)

CVE-2015-6036

Posted on 2016년 2월 27일2016년 2월 28일 by admin

CVE-2015-6036

QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.

Source: CVE-2015-6036

CVE-2015-6022

Posted on 2016년 2월 27일2016년 2월 28일 by admin

CVE-2015-6022

Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL.

Source: CVE-2015-6022