» 2018 » 1월

CVE-2018-6367

Posted on 2018년 1월 29일2018년 1월 29일 by admin

CVE-2018-6367

SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.

Source: CVE-2018-6367

CVE-2018-6008

Posted on 2018년 1월 29일2018년 1월 29일 by admin

CVE-2018-6008

Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.

Source: CVE-2018-6008

CVE-2018-6365

Posted on 2018년 1월 29일2018년 1월 29일 by admin

CVE-2018-6365

SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.

Source: CVE-2018-6365

CVE-2018-6363

Posted on 2018년 1월 29일2018년 1월 29일 by admin

CVE-2018-6363

SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.

Source: CVE-2018-6363

CVE-2018-6364

Posted on 2018년 1월 29일2018년 1월 29일 by admin

CVE-2018-6364

SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.

Source: CVE-2018-6364

CVE-2018-6360

Posted on 2018년 1월 28일2018년 1월 28일 by admin

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.

Source: CVE-2018-6360

CVE-2018-6359

Posted on 2018년 1월 28일2018년 1월 28일 by admin

CVE-2018-6359

The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.

Source: CVE-2018-6359

CVE-2018-6358

Posted on 2018년 1월 28일2018년 1월 28일 by admin

CVE-2018-6358

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.

Source: CVE-2018-6358

CVE-2018-6357

Posted on 2018년 1월 28일2018년 1월 28일 by admin

CVE-2018-6357

The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS.

Source: CVE-2018-6357

CVE-2018-6354

Posted on 2018년 1월 28일2018년 1월 28일 by admin

CVE-2018-6354

templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter.

Source: CVE-2018-6354