» 2019 » 2월

CVE-2018-11803

Posted on 2019년 2월 6일2019년 2월 6일 by admin

CVE-2018-11803

Subversion’s mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

Source: CVE-2018-11803

CVE-2019-7403

Posted on 2019년 2월 6일2019년 2월 6일 by admin

CVE-2019-7403

An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.

Source: CVE-2019-7403

CVE-2019-7402

Posted on 2019년 2월 6일2019년 2월 6일 by admin

CVE-2019-7402

An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.

Source: CVE-2019-7402

CVE-2019-7400

Posted on 2019년 2월 5일2019년 2월 5일 by admin

CVE-2019-7400

Rukovoditel before 2.4.1 allows XSS.

Source: CVE-2019-7400

CVE-2017-18362

Posted on 2019년 2월 5일2019년 2월 5일 by admin

CVE-2017-18362

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.

Source: CVE-2017-18362

CVE-2018-20753

Posted on 2019년 2월 5일2019년 2월 5일 by admin

CVE-2018-20753

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

Source: CVE-2018-20753

CVE-2018-15655

Posted on 2019년 2월 5일2019년 2월 5일 by admin

CVE-2018-15655

An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible.

Source: CVE-2018-15655

CVE-2018-15656

Posted on 2019년 2월 5일2019년 2월 5일 by admin

CVE-2018-15656

An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an "apiKey" value in the "ApiKey" header.

Source: CVE-2018-15656

CVE-2018-15659

Posted on 2019년 2월 5일2019년 2월 5일 by admin

CVE-2018-15659

An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible.

Source: CVE-2018-15659

CVE-2018-15657

Posted on 2019년 2월 5일2019년 2월 5일 by admin

CVE-2018-15657

An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.

Source: CVE-2018-15657