» 2017 » 2월

CVE-2017-5881 (gom_player)

Posted on 2017년 2월 21일2017년 2월 24일 by admin

CVE-2017-5881 (gom_player)

GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.

Source: CVE-2017-5881 (gom_player)

CVE-2017-6097 (mail-masta_plugin)

Posted on 2017년 2월 21일2017년 2월 24일 by admin

CVE-2017-6097 (mail-masta_plugin)

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to WordPress admin) with the POST Parameter: camp_id.

Source: CVE-2017-6097 (mail-masta_plugin)

CVE-2017-6071 (cms_made_simple, form_builder)

Posted on 2017년 2월 21일2017년 2월 24일 by admin

CVE-2017-6071 (cms_made_simple, form_builder)

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.

Source: CVE-2017-6071 (cms_made_simple, form_builder)

CVE-2017-6078 (maxview)

Posted on 2017년 2월 21일2017년 2월 24일 by admin

CVE-2017-6078 (maxview)

FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.

Source: CVE-2017-6078 (maxview)

CVE-2017-6070 (cms_made_simple, form_builder)

Posted on 2017년 2월 21일2017년 2월 24일 by admin

CVE-2017-6070 (cms_made_simple, form_builder)

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.

Source: CVE-2017-6070 (cms_made_simple, form_builder)

CVE-2017-6098 (mail-masta_plugin)

Posted on 2017년 2월 21일2017년 2월 24일 by admin

CVE-2017-6098 (mail-masta_plugin)

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to WordPress admin) with the POST Parameter: list_id.

Source: CVE-2017-6098 (mail-masta_plugin)

CVE-2017-6072 (cms_made_simple, form_builder)

Posted on 2017년 2월 21일2017년 2월 24일 by admin

CVE-2017-6072 (cms_made_simple, form_builder)

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.

Source: CVE-2017-6072 (cms_made_simple, form_builder)

CVE-2016-9314

Posted on 2017년 2월 21일2017년 2월 21일 by admin

CVE-2016-9314

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.

Source: CVE-2016-9314

CVE-2017-6072

Posted on 2017년 2월 21일2017년 2월 21일 by admin

CVE-2017-6072

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.

Source: CVE-2017-6072

CVE-2016-9315

Posted on 2017년 2월 21일2017년 2월 21일 by admin

CVE-2016-9315

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin’s password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.

Source: CVE-2016-9315