CVE-2019-8436 (imcat)
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
Source: CVE-2019-8436 (imcat)
[월:] 2019년 02월
CVE-2019-8432 (cmseasy)
CVE-2019-8432 (cmseasy)
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
Source: CVE-2019-8432 (cmseasy)
CVE-2019-8427 (zoneminder)
CVE-2019-8427 (zoneminder)
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
Source: CVE-2019-8427 (zoneminder)
CVE-2019-8425 (zoneminder)
CVE-2019-8425 (zoneminder)
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
Source: CVE-2019-8425 (zoneminder)
CVE-2019-8428 (zoneminder)
CVE-2019-8428 (zoneminder)
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
Source: CVE-2019-8428 (zoneminder)
CVE-2019-8424 (zoneminder)
CVE-2019-8424 (zoneminder)
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Source: CVE-2019-8424 (zoneminder)
CVE-2019-8423 (zoneminder)
CVE-2019-8423 (zoneminder)
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Source: CVE-2019-8423 (zoneminder)
CVE-2019-8429 (zoneminder)
CVE-2019-8429 (zoneminder)
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.
Source: CVE-2019-8429 (zoneminder)
CVE-2019-8433
CVE-2019-8433
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
Source: CVE-2019-8433
CVE-2019-8422 (pbootcms)
CVE-2019-8422 (pbootcms)
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in appsadmincontrollercontentContentController.php.
Source: CVE-2019-8422 (pbootcms)