CVE-2014-0158
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.
Source: CVE-2014-0158
[월:] 2018년 04월
CVE-2014-3114
CVE-2014-3114
The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php.
Source: CVE-2014-3114
CVE-2014-1400
CVE-2014-1400
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
Source: CVE-2014-1400
CVE-2017-18101
CVE-2017-18101
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
Source: CVE-2017-18101
CVE-2018-5227
CVE-2018-5227
Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.
Source: CVE-2018-5227
CVE-2017-18100
CVE-2017-18100
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.
Source: CVE-2017-18100
CVE-2017-1081
CVE-2017-1081
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.
Source: CVE-2017-1081
CVE-2018-9934
CVE-2018-9934
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker’s control.
Source: CVE-2018-9934
CVE-2018-9928
CVE-2018-9928
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
Source: CVE-2018-9928
CVE-2018-9927
CVE-2018-9927
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.
Source: CVE-2018-9927