» 2018 » 4월

CVE-2018-6900

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2018-6900

PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.

Source: CVE-2018-6900

CVE-2018-6879

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2018-6879

PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.

Source: CVE-2018-6879

CVE-2018-6870

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2018-6870

Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature.

Source: CVE-2018-6870

CVE-2018-6902

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2018-6902

PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.

Source: CVE-2018-6902

CVE-2014-8422

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2014-8422

The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

Source: CVE-2014-8422

CVE-2014-8421

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2014-8421

Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.

Source: CVE-2014-8421

CVE-2014-6412

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2014-6412

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

Source: CVE-2014-6412

CVE-2014-6169

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2014-6169

Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777.

Source: CVE-2014-6169

CVE-2014-8888

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2014-8888

The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."

Source: CVE-2014-8888

CVE-2014-6120

Posted on 2018년 4월 13일2018년 4월 16일 by admin

CVE-2014-6120

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721.

Source: CVE-2014-6120