» 2017 » 3월

CVE-2017-6574 (mail-masta)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6574 (mail-masta)

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.

Source: CVE-2017-6574 (mail-masta)

CVE-2017-6577 (mail-masta)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6577 (mail-masta)

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.

Source: CVE-2017-6577 (mail-masta)

CVE-2017-6571 (mail-masta)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6571 (mail-masta)

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.

Source: CVE-2017-6571 (mail-masta)

CVE-2017-6555 (cms_made_simple)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6555 (cms_made_simple)

Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").

Source: CVE-2017-6555 (cms_made_simple)

CVE-2017-6561 (agora-project)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6561 (agora-project)

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.

Source: CVE-2017-6561 (agora-project)

CVE-2017-6572 (mail-masta)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6572 (mail-masta)

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.

Source: CVE-2017-6572 (mail-masta)

CVE-2017-6576 (mail-masta)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6576 (mail-masta)

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.

Source: CVE-2017-6576 (mail-masta)

CVE-2017-6578 (mail-masta)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6578 (mail-masta)

Source: CVE-2017-6578 (mail-masta)

CVE-2017-6573 (mail-masta)

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6573 (mail-masta)

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.

Source: CVE-2017-6573 (mail-masta)

CVE-2017-6549

Posted on 2017년 3월 9일2017년 3월 10일 by admin

CVE-2017-6549

Session hijack vulnerability in httpd in ASUS ASUSWRT on RT-AC53 3.0.0.4.380.6038 devices allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.

Source: CVE-2017-6549