CVE-2018-6193
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the ‘rtr’ GET parameter in a page=graph action to cgi-bin/routers2.pl.
Source: CVE-2018-6193
[월:] 2018년 01월
CVE-2018-5705
CVE-2018-5705
Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is an user/admin login interface, it’s possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
Source: CVE-2018-5705
CVE-2018-4834
CVE-2018-4834
A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
Source: CVE-2018-4834
CVE-2018-5319
CVE-2018-5319
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request.
Source: CVE-2018-5319
CVE-2018-6018
CVE-2018-6018
Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.
Source: CVE-2018-6018
CVE-2018-6017
CVE-2018-6017
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.
Source: CVE-2018-6017
CVE-2017-15135
CVE-2017-15135
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
Source: CVE-2017-15135
CVE-2018-5777
CVE-2018-5777
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors.
Source: CVE-2018-5777
CVE-2018-5778
CVE-2018-5778
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.
Source: CVE-2018-5778
CVE-2017-13696
CVE-2017-13696
The vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.
Source: CVE-2017-13696