» 2018 » 1월

CVE-2018-5285

Posted on 2018년 1월 8일2018년 1월 8일 by admin

CVE-2018-5285

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.

Source: CVE-2018-5285

CVE-2018-5293

Posted on 2018년 1월 8일2018년 1월 8일 by admin

CVE-2018-5293

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.

Source: CVE-2018-5293

CVE-2018-5294

Posted on 2018년 1월 8일2018년 1월 8일 by admin

CVE-2018-5294

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

Source: CVE-2018-5294

CVE-2018-5295

Posted on 2018년 1월 8일2018년 1월 8일 by admin

CVE-2018-5295

In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

Source: CVE-2018-5295

CVE-2018-5296

Posted on 2018년 1월 8일2018년 1월 8일 by admin

CVE-2018-5296

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

Source: CVE-2018-5296

CVE-2018-5284

Posted on 2018년 1월 8일2018년 1월 8일 by admin

CVE-2018-5284

The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.

Source: CVE-2018-5284

CVE-2018-5270

Posted on 2018년 1월 8일2018년 1월 8일 by admin

CVE-2018-5270

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010.

Source: CVE-2018-5270