» 2018 » 4월

CVE-2018-0560

Posted on 2018년 4월 16일2018년 4월 17일 by admin

CVE-2018-0560

Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display.

Source: CVE-2018-0560

CVE-2018-9169

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-9169

Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF.

Source: CVE-2018-9169

CVE-2018-9153

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-9153

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF.

Source: CVE-2018-9153

CVE-2018-10113

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-10113

An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.

Source: CVE-2018-10113

CVE-2018-10112

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-10112

An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.

Source: CVE-2018-10112

CVE-2018-10118

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-10118

Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.

Source: CVE-2018-10118

CVE-2018-10122

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-10122

QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php.

Source: CVE-2018-10122

CVE-2018-10114

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-10114

An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.

Source: CVE-2018-10114

CVE-2018-10120

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-10120

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document.

Source: CVE-2018-10120

CVE-2018-10117

Posted on 2018년 4월 16일2018년 4월 16일 by admin

CVE-2018-10117

An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.

Source: CVE-2018-10117