» 2019 » 2월

CVE-2019-7548

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

Source: CVE-2019-7548

CVE-2019-7547

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7547

An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS.

Source: CVE-2019-7547

CVE-2019-7546

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7546

An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability.

Source: CVE-2019-7546

CVE-2019-7545

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7545

In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field.

Source: CVE-2019-7545

CVE-2019-7544

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7544

An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field.

Source: CVE-2019-7544

CVE-2019-7543

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-7543

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.

Source: CVE-2019-7543

CVE-2019-6517

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2019-6517

BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions.

Source: CVE-2019-6517

CVE-2018-3980

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2018-3980

An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.

Source: CVE-2018-3980

CVE-2018-3976

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2018-3976

An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.

Source: CVE-2018-3976

CVE-2018-3973

Posted on 2019년 2월 7일2019년 2월 7일 by admin

CVE-2018-3973

An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.

Source: CVE-2018-3973