CVE-2018-16275
OPSWAT MetaDefender before v4.11.2 allows CSV injection.
Source: CVE-2018-16275
[월:] 2018년 08월
CVE-2018-16239
CVE-2018-16239
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.
Source: CVE-2018-16239
CVE-2018-16238
CVE-2018-16238
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.
Source: CVE-2018-16238
CVE-2018-16236
CVE-2018-16236
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
Source: CVE-2018-16236
CVE-2018-16237
CVE-2018-16237
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via ‘|’ characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.
Source: CVE-2018-16237
CVE-2018-16233
CVE-2018-16233
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.
Source: CVE-2018-16233
CVE-2018-16234
CVE-2018-16231
CVE-2018-16231
Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands.
Source: CVE-2018-16231
CVE-2018-6498
CVE-2018-6498
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
Source: CVE-2018-6498
CVE-2018-6499
CVE-2018-6499
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
Source: CVE-2018-6499