CVE-2018-14908
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
Source: CVE-2018-14908
CVE-2018-14907
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.
Source: CVE-2018-14907
CVE-2018-14576
The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.
Source: CVE-2018-14576
CVE-2018-7748
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via ‘${xyz}’ Glide Scripting Injection in the sysparm_media parameter.
Source: CVE-2018-7748
CVE-2018-14906
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces’ propertyPath parameters.
Source: CVE-2018-14906
CVE-2018-14905
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
Source: CVE-2018-14905
CVE-2018-12605
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of ‘url_for’ contained an XSS issue due to it allowing arbitrary protocols as a parameter.
Source: CVE-2018-12605
CVE-2017-15358
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
Source: CVE-2017-15358
CVE-2018-13055
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
Source: CVE-2018-13055
CVE-2018-12989
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
Source: CVE-2018-12989