» 2018 » 6월

CVE-2018-12996

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12996

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13780) allows remote attackers to inject arbitrary web script or HTML via the parameter ‘method’ to GraphicalView.do.

Source: CVE-2018-12996

CVE-2018-12995

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12995

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.

Source: CVE-2018-12995

CVE-2018-12998

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12998

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter ‘operation’ to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

Source: CVE-2018-12998

CVE-2018-12997

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12997

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.

Source: CVE-2018-12997

CVE-2018-12972

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12972

An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.

Source: CVE-2018-12972

CVE-2018-12973

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12973

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ‘json’ to the /q URI.

Source: CVE-2018-12973

CVE-2018-12971

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12971

EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.

Source: CVE-2018-12971

CVE-2018-12982

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12982

Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.

Source: CVE-2018-12982

CVE-2018-12984

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12984

Hycus CMS 1.0.4 allows Authentication Bypass via "’=’ ‘OR’" credentials.

Source: CVE-2018-12984

CVE-2018-12983

Posted on 2018년 6월 29일2018년 6월 29일 by admin

CVE-2018-12983

A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.

Source: CVE-2018-12983