» 2019 » 2월

CVE-2019-8905 (file)

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-8905 (file)

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

Source: CVE-2019-8905 (file)

CVE-2019-8904 (file)

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-8904 (file)

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

Source: CVE-2019-8904 (file)

CVE-2018-12159

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2018-12159

Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access.

Source: CVE-2018-12159

CVE-2019-8903 (total.js)

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-8903 (total.js)

index.js in Total.js Platform before 3.2.3 allows path traversal.

Source: CVE-2019-8903 (total.js)

CVE-2019-6453

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-6453

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).

Source: CVE-2019-6453

CVE-2019-8372

Posted on 2019년 2월 19일2019년 2월 20일 by admin

CVE-2019-8372

The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.

Source: CVE-2019-8372

CVE-2019-8902 (icms)

Posted on 2019년 2월 18일2019년 2월 20일 by admin

CVE-2019-8902 (icms)

An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users’ articles via the public/api.php?app=user URI.

Source: CVE-2019-8902 (icms)

CVE-2019-8434 (cmseasy)

Posted on 2019년 2월 18일2019년 2월 20일 by admin

CVE-2019-8434 (cmseasy)

In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.

Source: CVE-2019-8434 (cmseasy)

CVE-2019-8426 (zoneminder)

Posted on 2019년 2월 18일2019년 2월 20일 by admin

CVE-2019-8426 (zoneminder)

skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

Source: CVE-2019-8426 (zoneminder)

CVE-2019-8435

Posted on 2019년 2월 18일2019년 2월 20일 by admin

CVE-2019-8435

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.

Source: CVE-2019-8435