» 2016 » 12월

CVE-2015-0854 (shutter)

Posted on 2016년 12월 30일2017년 1월 4일 by admin

CVE-2015-0854 (shutter)

App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.

Source: CVE-2015-0854 (shutter)

CVE-2016-10081 (shutter)

Posted on 2016년 12월 30일2017년 1월 3일 by admin

CVE-2016-10081 (shutter)

/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.

Source: CVE-2016-10081 (shutter)

CVE-2016-9891 (dotclear)

Posted on 2016년 12월 30일2016년 12월 31일 by admin

CVE-2016-9891 (dotclear)

Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).

Source: CVE-2016-9891 (dotclear)

CVE-2016-9891

Posted on 2016년 12월 30일2016년 12월 30일 by admin

CVE-2016-9891

Source: CVE-2016-9891

CVE-2015-0854

Posted on 2016년 12월 30일2016년 12월 30일 by admin

CVE-2015-0854

App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.

Source: CVE-2015-0854

CVE-2016-10081

Posted on 2016년 12월 30일2016년 12월 30일 by admin

CVE-2016-10081

/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.

Source: CVE-2016-10081

CVE-2016-7463 (esxi)

Posted on 2016년 12월 29일2016년 12월 30일 by admin

CVE-2016-7463 (esxi)

Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.

Source: CVE-2016-7463 (esxi)

CVE-2016-9878 (spring_framework)

Posted on 2016년 12월 29일2016년 12월 30일 by admin

CVE-2016-9878 (spring_framework)

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Source: CVE-2016-9878 (spring_framework)

CVE-2016-7459 (vcenter_server)

Posted on 2016년 12월 29일2016년 12월 30일 by admin

CVE-2016-7459 (vcenter_server)

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Source: CVE-2016-7459 (vcenter_server)

CVE-2016-9877 (rabbitmq)

Posted on 2016년 12월 29일2016년 12월 30일 by admin

CVE-2016-9877 (rabbitmq)

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

Source: CVE-2016-9877 (rabbitmq)