CVE-2018-7176
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
Source: CVE-2018-7176
[월:] 2018년 02월
CVE-2017-14536
CVE-2017-14536
trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.
Source: CVE-2017-14536
CVE-2018-6324
CVE-2018-6324
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.
Source: CVE-2018-6324
CVE-2018-1000067
CVE-2018-1000067
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
Source: CVE-2018-1000067
CVE-2018-1000068
CVE-2018-1000068
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Source: CVE-2018-1000068
CVE-2018-6316
CVE-2018-6316
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.
Source: CVE-2018-6316
CVE-2018-5767
CVE-2018-5767
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
Source: CVE-2018-5767
CVE-2017-8993
CVE-2017-8993
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found.
Source: CVE-2017-8993
CVE-2017-8985
CVE-2017-8985
HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00.
Source: CVE-2017-8985
CVE-2017-8984
CVE-2017-8984
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.
Source: CVE-2017-8984