» 2016 » 8월

CVE-2016-6139 (trex)

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-6139 (trex)

SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

Source: CVE-2016-6139 (trex)

CVE-2016-6138 (trex)

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-6138 (trex)

Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

Source: CVE-2016-6138 (trex)

CVE-2016-5000 (poi)

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-5000 (poi)

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Source: CVE-2016-5000 (poi)

CVE-2016-3640 (hana_db)

Posted on 2016년 8월 5일2016년 8월 16일 by admin

CVE-2016-3640 (hana_db)

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.091.00.1418659308 allows local users to obtain sensitive password information via vectors related to passwords in Web Dispatcher trace files, aka SAP Security Note 2148905.

Source: CVE-2016-3640 (hana_db)

CVE-2016-3640

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-3640

Source: CVE-2016-3640

CVE-2016-3196 (fortianalyzer_firmware, fortimanager_firmware)

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-3196 (fortianalyzer_firmware, fortimanager_firmware)

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.2.6 and FortiManager 5.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.

Source: CVE-2016-3196 (fortianalyzer_firmware, fortimanager_firmware)

CVE-2016-3097 (network_satellite)

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-3097 (network_satellite)

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.

Source: CVE-2016-3097 (network_satellite)

CVE-2016-3080 (network_satellite)

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-3080 (network_satellite)

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.

Source: CVE-2016-3080 (network_satellite)

CVE-2016-1513 (openoffice)

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-1513 (openoffice)

The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.

Source: CVE-2016-1513 (openoffice)

CVE-2016-5268 (firefox)

Posted on 2016년 8월 5일2016년 8월 6일 by admin

CVE-2016-5268 (firefox)

Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.

Source: CVE-2016-5268 (firefox)