CVE-2018-9235
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.
Source: CVE-2018-9235
CVE-2018-9256
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
Source: CVE-2018-9256
CVE-2018-9238
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.
Source: CVE-2018-9238
CVE-2018-9236
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
Source: CVE-2018-9236
CVE-2018-9261
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
Source: CVE-2018-9261
CVE-2018-9252
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
Source: CVE-2018-9252
CVE-2017-18256
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.
Source: CVE-2017-18256
CVE-2018-9251
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
Source: CVE-2018-9251
CVE-2016-10718
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.
Source: CVE-2016-10718
CVE-2018-9247
The upsql function in LibLibActionAdminDataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename.
Source: CVE-2018-9247