» 2017 » 9월

CVE-2017-14132 (jasper)

Posted on 2017년 9월 5일2017년 9월 7일 by admin

CVE-2017-14132 (jasper)

JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.

Source: CVE-2017-14132 (jasper)

CVE-2017-14126 (participants_database)

Posted on 2017년 9월 5일2017년 9월 7일 by admin

CVE-2017-14126 (participants_database)

The Participants Database plugin before 1.7.5.10 for WordPress has XSS.

Source: CVE-2017-14126 (participants_database)

CVE-2017-14129 (binutils)

Posted on 2017년 9월 5일2017년 9월 7일 by admin

CVE-2017-14129 (binutils)

The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.

Source: CVE-2017-14129 (binutils)

CVE-2017-14123

Posted on 2017년 9월 5일2017년 9월 5일 by admin

CVE-2017-14123

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.

Source: CVE-2017-14123

CVE-2017-14126

Posted on 2017년 9월 5일2017년 9월 5일 by admin

CVE-2017-14126

The Participants Database plugin before 1.7.5.10 for WordPress has XSS.

Source: CVE-2017-14126

CVE-2017-14127

Posted on 2017년 9월 5일2017년 9월 5일 by admin

CVE-2017-14127

Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.

Source: CVE-2017-14127

CVE-2017-14128

Posted on 2017년 9월 5일2017년 9월 5일 by admin

CVE-2017-14128

The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.

Source: CVE-2017-14128

CVE-2017-14129

Posted on 2017년 9월 5일2017년 9월 5일 by admin

CVE-2017-14129

Source: CVE-2017-14129

CVE-2017-14132

Posted on 2017년 9월 5일2017년 9월 5일 by admin

CVE-2017-14132

Source: CVE-2017-14132

CVE-2017-14130

Posted on 2017년 9월 5일2017년 9월 5일 by admin

CVE-2017-14130

The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.

Source: CVE-2017-14130