CVE-2018-20790
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
Source: CVE-2018-20790
[월:] 2019년 02월
CVE-2018-20789
CVE-2018-20789
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
Source: CVE-2018-20789
CVE-2019-9126
CVE-2019-9126
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN information of the device.
Source: CVE-2019-9126
CVE-2019-9125
CVE-2019-9125
An issue was discovered on D-Link DIR-878 1.12B01 devices. Because strncpy is misused, there is a stack-based buffer overflow vulnerability that does not require authentication via the HNAP_AUTH HTTP header.
Source: CVE-2019-9125
CVE-2019-9123
CVE-2019-9123
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password.
Source: CVE-2019-9123
CVE-2019-9124
CVE-2019-9124
An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password.
Source: CVE-2019-9124
CVE-2019-9122
CVE-2019-9122
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request.
Source: CVE-2019-9122
CVE-2018-20788
CVE-2018-20788
drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted application for denial of service.
Source: CVE-2018-20788
CVE-2018-20787
CVE-2018-20787
The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the size argument in tpdbg_write in drivers/input/touchscreen/ft5x46/ft5x46_ts.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.
Source: CVE-2018-20787
CVE-2019-9115
CVE-2019-9115
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.
Source: CVE-2019-9115