CVE-2019-7233
In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.
Source: CVE-2019-7233
[월:] 2019년 01월
CVE-2019-7236
CVE-2019-7236
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.
Source: CVE-2019-7236
CVE-2019-7235
CVE-2019-7235
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.
Source: CVE-2019-7235
CVE-2019-7234
CVE-2019-7234
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.
Source: CVE-2019-7234
CVE-2019-3913
CVE-2019-3913
Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.
Source: CVE-2019-3913
CVE-2019-3911
CVE-2019-3911
Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.
Source: CVE-2019-3911
CVE-2019-1566
CVE-2019-1566
The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
Source: CVE-2019-1566
CVE-2019-3912
CVE-2019-3912
An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.
Source: CVE-2019-3912
CVE-2019-1565
CVE-2019-1565
The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
Source: CVE-2019-1565
CVE-2018-20750
CVE-2018-20750
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
Source: CVE-2018-20750