» 2019 » 1월

CVE-2015-9276

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2015-9276

SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker’s email, which contained a malicious payload. Therefore, users’ passwords could be reset by using an XSS attack, as the password reset page did not need the current password.

Source: CVE-2015-9276

CVE-2018-20725

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20725

A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

Source: CVE-2018-20725

CVE-2018-20723

Posted on 2019년 1월 17일2019년 1월 17일 by admin

CVE-2018-20723

A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

Source: CVE-2018-20723

CVE-2019-6447

Posted on 2019년 1월 16일2019년 1월 17일 by admin

CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

Source: CVE-2019-6447

CVE-2018-20721

Posted on 2019년 1월 16일2019년 1월 17일 by admin

CVE-2018-20721

URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.

Source: CVE-2018-20721

CVE-2019-6263

Posted on 2019년 1월 16일2019년 1월 16일 by admin

CVE-2019-6263

An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.

Source: CVE-2019-6263

CVE-2019-6262

Posted on 2019년 1월 16일2019년 1월 16일 by admin

CVE-2019-6262

An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.

Source: CVE-2019-6262

CVE-2019-6264

Posted on 2019년 1월 16일2019년 1월 16일 by admin

CVE-2019-6264

An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Source: CVE-2019-6264

CVE-2019-6261

Posted on 2019년 1월 16일2019년 1월 16일 by admin

CVE-2019-6261

An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.

Source: CVE-2019-6261

CVE-2019-6446

Posted on 2019년 1월 16일2019년 1월 16일 by admin

CVE-2019-6446

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.

Source: CVE-2019-6446