CVE-2017-18015
The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.
Source: CVE-2017-18015
CVE-2017-9965
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. Using a directory traversal attack, an unauthorized person can view web server files.
Source: CVE-2017-9965
CVE-2017-9966
An Improper Access Control issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By replacing certain files, an authorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.
Source: CVE-2017-9966
CVE-2017-9964
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.
Source: CVE-2017-9964
CVE-2018-3814
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.
Source: CVE-2018-3814
CVE-2018-3813
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
Source: CVE-2018-3813
CVE-2017-18013
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
Source: CVE-2017-18013
CVE-2017-18011
The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.
Source: CVE-2017-18011
CVE-2017-18012
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
Source: CVE-2017-18012
CVE-2017-18009
In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
Source: CVE-2017-18009