CVE-2018-15878
The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vulnerability in the gdImageBmpPtr function.
Source: CVE-2018-15878
CVE-2018-15879
The GD Graphics Library (aka libgd) through 2.2.5 has a Double Free Vulnerability in the gdImageBmpPt function.
Source: CVE-2018-15879
CVE-2019-8459
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
Source: CVE-2019-8459
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header.
Source: CVE-2018-16118
CVE-2019-12744
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
Source: CVE-2019-12744
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
Source: CVE-2018-16117
CVE-2019-12745
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
Source: CVE-2019-12745
CVE-2019-8458
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, which under certain circumstances may cause the client to terminate.
Source: CVE-2019-8458
CVE-2018-15892
FreePBX 13 and 14 have SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
Source: CVE-2018-15892
CVE-2018-16116
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.
Source: CVE-2018-16116