» 2018 » 12월

CVE-2018-16630

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-16630

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.

Source: CVE-2018-16630

CVE-2018-16637

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-16637

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.

Source: CVE-2018-16637

CVE-2018-20577

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20577

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.

Source: CVE-2018-20577

CVE-2018-20576

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20576

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.

Source: CVE-2018-20576

CVE-2018-20575

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-20575

Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.

Source: CVE-2018-20575

CVE-2018-16638

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-16638

Evolution CMS 1.4.x allows XSS via the manager/ search parameter.

Source: CVE-2018-16638

CVE-2018-18665

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-18665

The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Source: CVE-2018-18665

CVE-2018-18666

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-18666

The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Source: CVE-2018-18666

CVE-2018-18667

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-18667

The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812.

Source: CVE-2018-18667

CVE-2018-18696

Posted on 2018년 12월 29일2018년 12월 29일 by admin

CVE-2018-18696

main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF.

Source: CVE-2018-18696