CVE-2018-12609
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
Source: CVE-2018-12609
[월:] 2019년 01월
CVE-2018-15136
CVE-2018-15136
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.
Source: CVE-2018-15136
CVE-2019-7173
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
Source: CVE-2019-7173
CVE-2019-7171
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
Source: CVE-2019-7171
CVE-2019-7172
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
Source: CVE-2019-7172
CVE-2019-7169
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
Source: CVE-2019-7169
CVE-2019-7170
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
Source: CVE-2019-7170
CVE-2019-7168
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
Source: CVE-2019-7168
CVE-2019-3807
CVE-2019-3807
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
Source: CVE-2019-3807
CVE-2019-3806
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
Source: CVE-2019-3806