» 2019 » 6월

Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.

Source: CVE-2019-12548

CVE-2019-12375

Posted on 2019년 6월 4일2019년 6월 4일 by admin

CVE-2019-12375

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.

Source: CVE-2019-12375

CVE-2019-12376

Posted on 2019년 6월 4일2019년 6월 4일 by admin

CVE-2019-12376

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.

Source: CVE-2019-12376

CVE-2019-6588

Posted on 2019년 6월 4일2019년 6월 4일 by admin

CVE-2019-6588

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.

Source: CVE-2019-6588

CVE-2019-12377

Posted on 2019년 6월 4일2019년 6월 4일 by admin

CVE-2019-12377

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.

Source: CVE-2019-12377