CVE-2018-16785
An XML injection vulnerability exists in the file of DedeCMS V5.7 SP2, which attackers can use to create a script file and obtain a webshell.
Source: CVE-2018-16785
CVE-2018-12243
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
Source: CVE-2018-12243
CVE-2018-1782
IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.
Source: CVE-2018-1782
CVE-2018-12242
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
Source: CVE-2018-12242
CVE-2018-14792
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
Source: CVE-2018-14792
CVE-2018-16607
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
Source: CVE-2018-16607
CVE-2018-1149
cgi_system in NUUO’s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.
Source: CVE-2018-1149
CVE-2018-1150
NUUO’s NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.
Source: CVE-2018-1150
CVE-2017-1794
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
Source: CVE-2017-1794
CVE-2018-3574
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.
Source: CVE-2018-3574