» 2019 » 4월

CVE-2019-9489

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-9489

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product’s management console.

Source: CVE-2019-9489

CVE-2019-6554

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-6554

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.

Source: CVE-2019-6554

CVE-2019-6550

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-6550

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.

Source: CVE-2019-6550

CVE-2019-6552

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-6552

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.

Source: CVE-2019-6552

CVE-2019-10479

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-10479

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface.

Source: CVE-2019-10479

CVE-2019-10478

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-10478

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell.

Source: CVE-2019-10478

CVE-2019-10887

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-10887

A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request.

Source: CVE-2019-10887

CVE-2019-10888

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-10888

A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html.

Source: CVE-2019-10888

CVE-2019-10885

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-10885

An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.

Source: CVE-2019-10885

CVE-2019-10884

Posted on 2019년 4월 6일2019년 4월 6일 by admin

CVE-2019-10884

Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security.

Source: CVE-2019-10884