» 2019 » 2월

CVE-2019-7585

Posted on 2019년 2월 8일2019년 2월 8일 by admin

CVE-2019-7585

An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.

Source: CVE-2019-7585

CVE-2019-7582

Posted on 2019년 2월 8일2019년 2월 8일 by admin

CVE-2019-7582

The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.

Source: CVE-2019-7582

CVE-2019-7581

Posted on 2019년 2월 8일2019년 2월 8일 by admin

CVE-2019-7581

The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876.

Source: CVE-2019-7581

CVE-2019-7580

Posted on 2019년 2월 8일2019년 2월 8일 by admin

CVE-2019-7580

ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.

Source: CVE-2019-7580

CVE-2019-7535

Posted on 2019년 2월 8일2019년 2월 8일 by admin

CVE-2019-7535

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.

Source: CVE-2019-7535

CVE-2018-1666

Posted on 2019년 2월 8일2019년 2월 8일 by admin

CVE-2018-1666

IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.

Source: CVE-2018-1666

CVE-2019-4008

Posted on 2019년 2월 8일2019년 2월 8일 by admin

CVE-2019-4008

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.

Source: CVE-2019-4008

CVE-2019-7578

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7578

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

Source: CVE-2019-7578

CVE-2019-7559

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7559

In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.

Source: CVE-2019-7559

CVE-2019-7577

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7577

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

Source: CVE-2019-7577