CVE-2018-11718
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF.
Source: CVE-2018-11718
[월:] 2018년 08월
CVE-2018-16159
CVE-2018-16159
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
Source: CVE-2018-16159
CVE-2018-15691
CVE-2018-15691
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
Source: CVE-2018-15691
CVE-2018-13826
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
Source: CVE-2018-13826
CVE-2018-13825
CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
Source: CVE-2018-13825
CVE-2018-13824
CVE-2018-13824
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.
Source: CVE-2018-13824
CVE-2018-13823
CVE-2018-13823
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information.
Source: CVE-2018-13823
CVE-2018-13819
CVE-2018-13819
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
Source: CVE-2018-13819
CVE-2018-13820
CVE-2018-13820
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.
Source: CVE-2018-13820
CVE-2018-13822
CVE-2018-13822
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.
Source: CVE-2018-13822