» 2016 » 2월

CVE-2016-2542

Posted on 2016년 2월 24일2016년 2월 24일 by admin

CVE-2016-2542

Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.

Source: CVE-2016-2542

CVE-2016-1341

Posted on 2016년 2월 24일2016년 2월 24일 by admin

CVE-2016-1341

Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.

Source: CVE-2016-1341

CVE-2015-8277

Posted on 2016년 2월 24일2016년 2월 24일 by admin

CVE-2015-8277

Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.

Source: CVE-2015-8277

CVE-2015-8805

Posted on 2016년 2월 24일2016년 2월 24일 by admin

CVE-2015-8805

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.

Source: CVE-2015-8805

CVE-2015-8804

Posted on 2016년 2월 24일2016년 2월 24일 by admin

CVE-2015-8804

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

Source: CVE-2015-8804

CVE-2015-8803

Posted on 2016년 2월 24일2016년 2월 24일 by admin

CVE-2015-8803

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.

Source: CVE-2015-8803

CVE-2013-7448

Posted on 2016년 2월 24일2016년 2월 24일 by admin

CVE-2013-7448

Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.

Source: CVE-2013-7448

CVE-2016-2537

Posted on 2016년 2월 23일2016년 2월 24일 by admin

CVE-2016-2537

The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports[‘utc-millisec’] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.

Source: CVE-2016-2537

CVE-2016-1157 (log-chat)

Posted on 2016년 2월 23일2016년 2월 25일 by admin

CVE-2016-1157 (log-chat)

Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Source: CVE-2016-1157 (log-chat)

CVE-2016-1157

Posted on 2016년 2월 23일2016년 2월 24일 by admin

CVE-2016-1157

Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Source: CVE-2016-1157