CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the ‘moduleinterface.php’ Name field, which is reachable via an "Add Category" action to the "Site Admin Settings – News module" section.
Source: CVE-2019-10106
[월:] 2019년 03월
CVE-2019-6569
CVE-2019-6569
A vulnerability has been identified in Scalance X-200 (All versions), Scalance X-300 (All versions), Scalance XP/XC/XF-200 (All versions <V4.1). The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker might use this behaviour to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behaviour. The security vulnerability could be exploited by an attacker with network access to the traffic-receiving network. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the confidentiality and availablity of the traffic-generating network. At the time of advisory publication no public exploitation of this security vulnerability was known.
Source: CVE-2019-6569
CVE-2019-1570
CVE-2019-1570
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.
Source: CVE-2019-1570
CVE-2018-15814
CVE-2018-15814
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file.
Source: CVE-2018-15814
CVE-2019-9744
CVE-2019-9744
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.
Source: CVE-2019-9744
CVE-2018-15817
CVE-2018-15817
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file.
Source: CVE-2018-15817
CVE-2018-15816
CVE-2018-15816
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file.
Source: CVE-2018-15816
CVE-2018-15813
CVE-2018-15813
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file.
Source: CVE-2018-15813
CVE-2019-9743
CVE-2019-9743
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.
Source: CVE-2019-9743
CVE-2018-15815
CVE-2018-15815
FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file.
Source: CVE-2018-15815