» 2017 » 1월

CVE-2017-5543

Posted on 2017년 1월 20일2017년 1월 20일 by admin

CVE-2017-5543

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.

Source: CVE-2017-5543

CVE-2017-5542

Posted on 2017년 1월 20일2017년 1월 20일 by admin

CVE-2017-5542

Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.

Source: CVE-2017-5542

CVE-2016-5725 (jsch)

Posted on 2017년 1월 20일2017년 1월 21일 by admin

CVE-2016-5725 (jsch)

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a .. (dot dot backslash) in a response to a recursive GET command.

Source: CVE-2016-5725 (jsch)

CVE-2016-5725

Posted on 2017년 1월 20일2017년 1월 20일 by admin

CVE-2016-5725

Source: CVE-2016-5725

CVE-2016-9016 (firejail)

Posted on 2017년 1월 20일2017년 1월 21일 by admin

CVE-2016-9016 (firejail)

Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Source: CVE-2016-9016 (firejail)

CVE-2015-8212 (netbsd)

Posted on 2017년 1월 20일2017년 1월 21일 by admin

CVE-2015-8212 (netbsd)

CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.

Source: CVE-2015-8212 (netbsd)

CVE-2016-7545 (enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_server, enterprise_linux_server_tus, enterprise_linux_workstation, fedora, selinux)

Posted on 2017년 1월 20일2017년 1월 21일 by admin

CVE-2016-7545 (enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_server, enterprise_linux_server_tus, enterprise_linux_workstation, fedora, selinux)

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Source: CVE-2016-7545 (enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_server, enterprise_linux_server_tus, enterprise_linux_workstation, fedora, selinux)

CVE-2016-7794 (git-hub)

Posted on 2017년 1월 20일2017년 1월 21일 by admin

CVE-2016-7794 (git-hub)

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.

Source: CVE-2016-7794 (git-hub)

CVE-2016-7793 (git-hub)

Posted on 2017년 1월 20일2017년 1월 21일 by admin

CVE-2016-7793 (git-hub)

sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.

Source: CVE-2016-7793 (git-hub)

CVE-2016-10075 (tqdm)

Posted on 2017년 1월 20일2017년 1월 21일 by admin

CVE-2016-10075 (tqdm)

The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

Source: CVE-2016-10075 (tqdm)