CVE-2018-20606
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.
Source: CVE-2018-20606
[월:] 2018년 12월
CVE-2018-20596
CVE-2018-20594
CVE-2018-20594
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.
Source: CVE-2018-20594
CVE-2018-20591
CVE-2018-20591
A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx.
Source: CVE-2018-20591
CVE-2018-20592
CVE-2018-20592
In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
Source: CVE-2018-20592
CVE-2018-20589
CVE-2018-20589
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID.
Source: CVE-2018-20589
CVE-2018-20590
CVE-2018-20590
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID.
Source: CVE-2018-20590
CVE-2018-20595
CVE-2018-20595
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.
Source: CVE-2018-20595
CVE-2018-20593
CVE-2018-20593
In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
Source: CVE-2018-20593
CVE-2018-20588
CVE-2018-20588
lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read.
Source: CVE-2018-20588