CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Source: CVE-2017-11509
[월:] 2018년 03월
CVE-2018-7498
CVE-2018-7498
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.
Source: CVE-2018-7498
CVE-2018-9110
CVE-2018-9110
Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via the zipdl() function in elFinder.class.php, resulting in file deletion. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.
Source: CVE-2018-9110
CVE-2018-7674
CVE-2018-7674
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
Source: CVE-2018-7674
CVE-2018-7676
CVE-2018-7676
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
Source: CVE-2018-7676
CVE-2018-1142
CVE-2018-1142
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins.
Source: CVE-2018-1142
CVE-2018-1083
CVE-2018-1083
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.
Source: CVE-2018-1083
CVE-2018-9109
CVE-2018-9109
Studio 42 elFinder before 2.1.36 has Directory Traversal via the zipdl() function in elFinder.class.php, resulting in file deletion.
Source: CVE-2018-9109
CVE-2018-9108
CVE-2018-9108
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.
Source: CVE-2018-9108
CVE-2018-9107
CVE-2018-9107
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
Source: CVE-2018-9107