CVE-2018-9864
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field.
Source: CVE-2018-9864
CVE-2018-9862
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.
Source: CVE-2018-9862
CVE-2018-0545
LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Source: CVE-2018-0545
CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr’s DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
Source: CVE-2018-1308
CVE-2018-0553
The iRemoconWiFi App for Android version 4.1.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: CVE-2018-0553
CVE-2018-0554
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.
Source: CVE-2018-0554
CVE-2018-0556
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
Source: CVE-2018-0556
CVE-2018-0555
Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
Source: CVE-2018-0555
CVE-2018-9857
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
Source: CVE-2018-9857
CVE-2018-9856
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
Source: CVE-2018-9856