» 2018 » 8월

CVE-2018-15151

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-15151

SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter.

Source: CVE-2018-15151

CVE-2018-15150

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-15150

SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘temporary_files_dir’ variable in interface/super/edit_globals.php.

Source: CVE-2018-15150

CVE-2018-15149

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-15149

SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘encounter’ parameter.

Source: CVE-2018-15149

CVE-2018-15148

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-15148

SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘text’ parameter.

Source: CVE-2018-15148

CVE-2018-15146

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-15146

SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter.

Source: CVE-2018-15146

CVE-2018-15138

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-15138

Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.

Source: CVE-2018-15138

CVE-2018-12056

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-12056

The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.

Source: CVE-2018-12056

CVE-2018-10369

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-10369

A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.

Source: CVE-2018-10369

CVE-2018-11687

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-11687

An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue.

Source: CVE-2018-11687

CVE-2018-0952

Posted on 2018년 8월 16일2018년 8월 16일 by admin

CVE-2018-0952

An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.

Source: CVE-2018-0952