CVE-2019-11418
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface.
Source: CVE-2019-11418
[월:] 2019년 04월
CVE-2019-11426
CVE-2019-11426
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
Source: CVE-2019-11426
CVE-2019-11416
CVE-2019-11416
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
Source: CVE-2019-11416
CVE-2019-11417
CVE-2019-11417
system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68.
Source: CVE-2019-11417
CVE-2019-11445
CVE-2019-11445
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin’s Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
Source: CVE-2019-11445
CVE-2019-11415
CVE-2019-11415
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the ""} string to v1/system/login.
Source: CVE-2019-11415
CVE-2019-11428
CVE-2019-11428
I, Librarian 4.10 has XSS via the export.php export_files parameter.
Source: CVE-2019-11428
CVE-2019-11403
CVE-2019-11403
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.
Source: CVE-2019-11403
CVE-2019-11411
CVE-2019-11411
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
Source: CVE-2019-11411
CVE-2019-11404
CVE-2019-11404
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
Source: CVE-2019-11404