» 2017 » 3월

CVE-2017-6529 (dnalims)

Posted on 2017년 3월 10일2017년 3월 14일 by admin

CVE-2017-6529 (dnalims)

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.

Source: CVE-2017-6529 (dnalims)

CVE-2017-6526 (dnalims)

Posted on 2017년 3월 10일2017년 3월 14일 by admin

CVE-2017-6526 (dnalims)

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).

Source: CVE-2017-6526 (dnalims)

CVE-2017-6589 (epiceditor)

Posted on 2017년 3월 10일2017년 3월 11일 by admin

CVE-2017-6589 (epiceditor)

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.

Source: CVE-2017-6589 (epiceditor)

CVE-2017-6528

Posted on 2017년 3월 10일2017년 3월 10일 by admin

CVE-2017-6528

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).

Source: CVE-2017-6528

CVE-2017-6526

Posted on 2017년 3월 10일2017년 3월 10일 by admin

CVE-2017-6526

Source: CVE-2017-6526

CVE-2017-6529

Posted on 2017년 3월 10일2017년 3월 10일 by admin

CVE-2017-6529

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.

Source: CVE-2017-6529

CVE-2017-6527

Posted on 2017년 3월 10일2017년 3월 10일 by admin

CVE-2017-6527

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).

Source: CVE-2017-6527

CVE-2017-6590

Posted on 2017년 3월 10일2017년 3월 10일 by admin

CVE-2017-6590

An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it’s easy to create one. Then, it’s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.

Source: CVE-2017-6590

CVE-2017-6589

Posted on 2017년 3월 10일2017년 3월 10일 by admin

CVE-2017-6589

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.

Source: CVE-2017-6589

CVE-2017-6432

Posted on 2017년 3월 10일2017년 3월 10일 by admin

CVE-2017-6432

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.

Source: CVE-2017-6432