» 2018 » 7월

CVE-2018-14014

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-14014

In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.

Source: CVE-2018-14014

CVE-2018-14012

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-14012

WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.

Source: CVE-2018-14012

CVE-2018-5529

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-5529

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.

Source: CVE-2018-5529

CVE-2018-12979

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-12979

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

Source: CVE-2018-12979

CVE-2018-13796

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-13796

Unspecified vulnerability in Mailman before 2.1.28 has unknown impact and attack vectors.

Source: CVE-2018-13796

CVE-2018-13458

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-13458

qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

Source: CVE-2018-13458

CVE-2018-13457

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-13457

qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

Source: CVE-2018-13457

CVE-2018-13441

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-13441

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

Source: CVE-2018-13441

CVE-2018-12981

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-12981

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user’s browser.

Source: CVE-2018-12981

CVE-2018-12980

Posted on 2018년 7월 13일2018년 7월 13일 by admin

CVE-2018-12980

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

Source: CVE-2018-12980