» 2018 » 2월

CVE-2018-7319

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7319

SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.

Source: CVE-2018-7319

CVE-2018-7318

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7318

SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.

Source: CVE-2018-7318

CVE-2018-7317

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7317

Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.

Source: CVE-2018-7317

CVE-2018-7316

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7316

Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.

Source: CVE-2018-7316

CVE-2018-7314

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7314

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

Source: CVE-2018-7314

CVE-2018-7315

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7315

SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.

Source: CVE-2018-7315

CVE-2018-7301

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7301

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.

Source: CVE-2018-7301

CVE-2018-7312

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7312

SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.

Source: CVE-2018-7312

CVE-2018-7299

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7299

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.

Source: CVE-2018-7299

CVE-2018-7298

Posted on 2018년 2월 23일2018년 2월 23일 by admin

CVE-2018-7298

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise.

Source: CVE-2018-7298