CVE-2018-17002
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Source: CVE-2018-17002
[월:] 2018년 09월
CVE-2018-17001
CVE-2018-17001
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
Source: CVE-2018-17001
CVE-2018-15613
CVE-2018-15613
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura® Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura® Orchestration Designer include all versions up to 7.2.1.
Source: CVE-2018-15613
CVE-2018-15612
CVE-2018-15612
A CSRF vulnerability in the Runtime Config component of Avaya Aura® Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura® Orchestration Designer include all versions up to 7.2.1.
Source: CVE-2018-15612
CVE-2018-16821
CVE-2018-16821
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
Source: CVE-2018-16821
CVE-2018-14732
CVE-2018-14732
An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer’s code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.
Source: CVE-2018-14732
CVE-2018-14731
CVE-2018-14731
An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer’s code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1 connection (with a random TCP port number) from any origin. The random port number can be found by connecting to http://127.0.0.1 and reading the "new WebSocket" line in the source code.
Source: CVE-2018-14731
CVE-2018-14730
CVE-2018-14730
An issue was discovered in Browserify-HMR. Attackers are able to steal developer’s code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin.
Source: CVE-2018-14730
CVE-2018-13111
CVE-2018-13111
There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.
Source: CVE-2018-13111
CVE-2018-12511
CVE-2018-12511
In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account’s balance arbitrarily.
Source: CVE-2018-12511