» 2018 » 6월

CVE-2018-12912

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12912

An issue wan discovered in admincontrollersdatabase.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.

Source: CVE-2018-12912

CVE-2018-12915

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12915

In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.

Source: CVE-2018-12915

CVE-2018-12917

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12917

In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c.

Source: CVE-2018-12917

CVE-2018-12918

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12918

In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.

Source: CVE-2018-12918

CVE-2018-12919

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-12919

In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.

Source: CVE-2018-12919

CVE-2018-1306

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

Source: CVE-2018-1306

CVE-2018-1457

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-1457

An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.

Source: CVE-2018-1457

CVE-2018-1507

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-1507

IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415.

Source: CVE-2018-1507

CVE-2018-1543

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-1543

IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598.

Source: CVE-2018-1543

CVE-2018-1553

Posted on 2018년 6월 28일2018년 6월 28일 by admin

CVE-2018-1553

IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890.

Source: CVE-2018-1553