CVE-2018-15197
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges.
Source: CVE-2018-15197
[월:] 2018년 08월
CVE-2018-15198
CVE-2018-15198
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.
Source: CVE-2018-15198
CVE-2018-15192
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
Source: CVE-2018-15192
CVE-2018-15193
CVE-2018-15193
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
Source: CVE-2018-15193
CVE-2018-15176
CVE-2018-15176
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file.
Source: CVE-2018-15176
CVE-2018-15178
CVE-2018-15178
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial / substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
Source: CVE-2018-15178
CVE-2018-15175
CVE-2018-15175
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.
Source: CVE-2018-15175
CVE-2018-15177
CVE-2018-15177
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account.
Source: CVE-2018-15177
CVE-2018-15137
CVE-2018-15137
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.
Source: CVE-2018-15137
CVE-2018-15168
CVE-2018-15168
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
Source: CVE-2018-15168