» 2017 » 12월

CVE-2017-14963

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-14963

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058.

Source: CVE-2017-14963

CVE-2017-1595

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-1595

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.

Source: CVE-2017-1595

CVE-2017-1423

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-1423

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.

Source: CVE-2017-1423

CVE-2017-14964

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-14964

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c.

Source: CVE-2017-14964

CVE-2017-1262

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-1262

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737.

Source: CVE-2017-1262

CVE-2017-14967

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-14967

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.

Source: CVE-2017-14967

CVE-2017-14969

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-14969

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114.

Source: CVE-2017-14969

CVE-2017-12072

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-12072

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.

Source: CVE-2017-12072

CVE-2017-15532

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-15532

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.

Source: CVE-2017-15532

CVE-2017-14965

Posted on 2017년 12월 21일2017년 12월 21일 by admin

CVE-2017-14965

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc.

Source: CVE-2017-14965