» 2019 » 2월

CVE-2018-20767

Posted on 2019년 2월 11일2019년 2월 11일 by admin

CVE-2018-20767

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.

Source: CVE-2018-20767

CVE-2018-20768

Posted on 2019년 2월 11일2019년 2월 11일 by admin

CVE-2018-20768

Source: CVE-2018-20768

CVE-2019-7692

Posted on 2019년 2월 11일2019년 2월 11일 by admin

CVE-2019-7692

install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder.

Source: CVE-2019-7692

CVE-2018-13792

Posted on 2019년 2월 10일2019년 2월 10일 by admin

CVE-2018-13792

Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.

Source: CVE-2018-13792

CVE-2019-7677

Posted on 2019년 2월 10일2019년 2월 10일 by admin

CVE-2019-7677

XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.

Source: CVE-2019-7677

CVE-2019-7678

Posted on 2019년 2월 10일2019년 2월 10일 by admin

CVE-2019-7678

A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.

Source: CVE-2019-7678

CVE-2019-7673

Posted on 2019년 2월 10일2019년 2월 10일 by admin

CVE-2019-7673

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format.

Source: CVE-2019-7673

CVE-2019-7674

Posted on 2019년 2월 10일2019년 2월 10일 by admin

CVE-2019-7674

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user.

Source: CVE-2019-7674

CVE-2019-7675

Posted on 2019년 2월 10일2019년 2월 10일 by admin

CVE-2019-7675

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI.

Source: CVE-2019-7675

CVE-2019-7676

Posted on 2019년 2월 10일2019년 2월 10일 by admin

CVE-2019-7676

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.

Source: CVE-2019-7676