» 2019 » 3월

CVE-2019-10654

Posted on 2019년 3월 31일2019년 3월 31일 by admin

CVE-2019-10654

The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845.

Source: CVE-2019-10654

CVE-2019-10652

Posted on 2019년 3월 30일2019년 3월 31일 by admin

CVE-2019-10652

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.

Source: CVE-2019-10652

CVE-2019-10649

Posted on 2019년 3월 30일2019년 3월 31일 by admin

CVE-2019-10649

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.

Source: CVE-2019-10649

CVE-2019-10650

Posted on 2019년 3월 30일2019년 3월 31일 by admin

CVE-2019-10650

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.

Source: CVE-2019-10650

CVE-2019-10648

Posted on 2019년 3월 30일2019년 3월 30일 by admin

CVE-2019-10648

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.

Source: CVE-2019-10648

CVE-2019-10647

Posted on 2019년 3월 30일2019년 3월 30일 by admin

CVE-2019-10647

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file).

Source: CVE-2019-10647

CVE-2019-10644

Posted on 2019년 3월 30일2019년 3월 30일 by admin

CVE-2019-10644

An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account.

Source: CVE-2019-10644

CVE-2019-10646

Posted on 2019년 3월 30일2019년 3월 30일 by admin

CVE-2019-10646

Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded.

Source: CVE-2019-10646

CVE-2018-18766

Posted on 2019년 3월 30일2019년 3월 30일 by admin

CVE-2018-18766

An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905.

Source: CVE-2018-18766

CVE-2018-19201

Posted on 2019년 3월 30일2019년 3월 30일 by admin

CVE-2018-19201

A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the ‘username’ parameter.

Source: CVE-2018-19201