» 2019 » 1월

CVE-2018-20727

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20727

Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.

Source: CVE-2018-20727

CVE-2018-20728

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20728

A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.

Source: CVE-2018-20728

CVE-2018-20729

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20729

A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.

Source: CVE-2018-20729

CVE-2018-20731

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20731

A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.

Source: CVE-2018-20731

CVE-2018-20730

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20730

A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.

Source: CVE-2018-20730

CVE-2018-20732

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20732

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

Source: CVE-2018-20732

CVE-2015-9281

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2015-9281

Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.

Source: CVE-2015-9281

CVE-2018-20733

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20733

BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.

Source: CVE-2018-20733

CVE-2018-18814

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-18814

The TIBCO Spotfire authentication component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0.

Source: CVE-2018-18814

CVE-2018-18813

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-18813

The Spotfire web server component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.

Source: CVE-2018-18813