» 2019 » 5월

CVE-2019-10742

Posted on 2019년 5월 8일2019년 5월 8일 by admin

CVE-2019-10742

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Source: CVE-2019-10742

CVE-2018-19456

Posted on 2019년 5월 8일2019년 5월 8일 by admin

CVE-2018-19456

The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.

Source: CVE-2018-19456

CVE-2018-2001

Posted on 2019년 5월 8일2019년 5월 8일 by admin

CVE-2018-2001

IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.

Source: CVE-2018-2001

CVE-2018-2008

Posted on 2019년 5월 8일2019년 5월 8일 by admin

CVE-2018-2008

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146.

Source: CVE-2018-2008

CVE-2018-20503

Posted on 2019년 5월 8일2019년 5월 8일 by admin

CVE-2018-20503

Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.

Source: CVE-2018-20503

CVE-2019-10869

Posted on 2019년 5월 8일2019년 5월 8일 by admin

CVE-2019-10869

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.

Source: CVE-2019-10869