» 2018 » 8월

CVE-2018-1000648

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.

Source: CVE-2018-1000648

CVE-2018-1000647

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000647

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.

Source: CVE-2018-1000647

CVE-2018-1000646

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000646

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.

Source: CVE-2018-1000646

CVE-2018-1000645

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000645

LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function.

Source: CVE-2018-1000645

CVE-2018-1000644

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000644

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.

Source: CVE-2018-1000644

CVE-2018-1000643

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000643

OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan() – for both SAX & DOM that can result in Cross Site Scripting.

Source: CVE-2018-1000643

CVE-2018-1000642

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000642

FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3.

Source: CVE-2018-1000642

CVE-2018-1000641

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000641

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.

Source: CVE-2018-1000641

CVE-2018-1000640

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000640

OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be exploitable via Malicious input passed in GET parameter.

Source: CVE-2018-1000640

CVE-2018-1000639

Posted on 2018년 8월 21일2018년 8월 21일 by admin

CVE-2018-1000639

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file.

Source: CVE-2018-1000639