CVE-2019-7107
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: CVE-2019-7107
[월:] 2019년 05월
CVE-2017-11739
CVE-2017-11739
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS.
Source: CVE-2017-11739
CVE-2019-7105
CVE-2019-7105
Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: CVE-2019-7105
CVE-2019-7106
CVE-2019-7106
Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: CVE-2019-7106
CVE-2017-11740
CVE-2017-11740
In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system.
Source: CVE-2017-11740
CVE-2019-12300
CVE-2019-12300
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.
Source: CVE-2019-12300
CVE-2019-12272
CVE-2019-12272
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
Source: CVE-2019-12272
CVE-2017-5212
CVE-2017-5212
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.
Source: CVE-2017-5212
CVE-2017-15029
CVE-2017-15029
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
Source: CVE-2017-15029
CVE-2017-15030
CVE-2017-15030
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).
Source: CVE-2017-15030