» 2019 » 2월

CVE-2019-9114

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9114

Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a.

Source: CVE-2019-9114

CVE-2019-9113

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9113

Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a.

Source: CVE-2019-9113

CVE-2019-9112

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9112

The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in _sde_debugfs_conn_cmd_tx_write in drivers/gpu/drm/msm/sde/sde_connector.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.

Source: CVE-2019-9112

CVE-2019-9111

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9111

The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in sde_evtlog_filter_write in drivers/gpu/drm/msm/sde_dbg.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.

Source: CVE-2019-9111

CVE-2019-9108

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9108

XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.

Source: CVE-2019-9108

CVE-2019-9107

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9107

XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.

Source: CVE-2019-9107

CVE-2019-9109

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9109

XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.

Source: CVE-2019-9109

CVE-2019-9110

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9110

XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.

Source: CVE-2019-9110

CVE-2019-9082

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Source: CVE-2019-9082

CVE-2019-9078

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9078

zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.

Source: CVE-2019-9078