» 2019 » 2월

CVE-2019-9145

Posted on 2019년 2월 26일2019년 2월 26일 by admin

CVE-2019-9145

An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page.

Source: CVE-2019-9145

CVE-2019-9144

Posted on 2019년 2월 26일2019년 2월 26일 by admin

CVE-2019-9144

An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Source: CVE-2019-9144

CVE-2019-9143

Posted on 2019년 2월 26일2019년 2월 26일 by admin

CVE-2019-9143

An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Source: CVE-2019-9143

CVE-2019-9142

Posted on 2019년 2월 26일2019년 2월 26일 by admin

CVE-2019-9142

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

Source: CVE-2019-9142

CVE-2019-9116

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2019-9116

** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker’s %LOCALAPPDATA%Tempsublime_text folder. NOTE: the vendor’s position is "This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched."

Source: CVE-2019-9116

CVE-2018-20794

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2018-20794

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.

Source: CVE-2018-20794

CVE-2018-20795

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2018-20795

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.

Source: CVE-2018-20795

CVE-2018-20793

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2018-20793

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.

Source: CVE-2018-20793

CVE-2018-20792

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2018-20792

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.

Source: CVE-2018-20792

CVE-2018-20791

Posted on 2019년 2월 25일2019년 2월 25일 by admin

CVE-2018-20791

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.

Source: CVE-2018-20791