CVE-2018-12988
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.
Source: CVE-2018-12988
CVE-2018-12938
slpd_process.c in OpenSLP 2.0.0 has a double free resulting in denial of service (daemon crash) or possibly unauthenticated remote code execution.
Source: CVE-2018-12938
CVE-2018-8016
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
Source: CVE-2018-8016
CVE-2018-1351
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows an attacker to execute HTML/JavaScript code via managed remote devices’ CLI commands by viewing the remote device CLI config installation log.
Source: CVE-2018-1351
CVE-2018-12589
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
Source: CVE-2018-12589
CVE-2018-12930
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.
Source: CVE-2018-12930
CVE-2018-12931
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.
Source: CVE-2018-12931
CVE-2018-12933
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.
Source: CVE-2018-12933
CVE-2018-12932
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value.
Source: CVE-2018-12932
CVE-2018-11510
ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to log in and upload a webshell.
Source: CVE-2018-11510