CVE-2018-14069
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
Source: CVE-2018-14069
CVE-2018-14068
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
Source: CVE-2018-14068
CVE-2018-14066
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
Source: CVE-2018-14066
CVE-2018-14063
The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow.
Source: CVE-2018-14063
CVE-2018-14064
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.
Source: CVE-2018-14064
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
Source: CVE-2018-14060
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
Source: CVE-2018-14010
CVE-2018-14056
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.
Source: CVE-2018-14056
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
Source: CVE-2018-14055