CVE-2019-12890
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.
Source: CVE-2019-12890
[월:] 2019년 06월
CVE-2018-17388
CVE-2018-17388
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
Source: CVE-2018-17388
CVE-2018-17387
CVE-2018-17387
CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account.
Source: CVE-2018-17387
CVE-2018-17386
CVE-2018-17386
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
Source: CVE-2018-17386
CVE-2018-17381
CVE-2018-17381
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
Source: CVE-2018-17381
CVE-2018-17374
CVE-2018-17374
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
Source: CVE-2018-17374
CVE-2018-17148
CVE-2018-17148
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.
Source: CVE-2018-17148
CVE-2018-17146
CVE-2018-17146
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the ‘name’ parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.
Source: CVE-2018-17146
CVE-2018-17079
CVE-2018-17079
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.
Source: CVE-2018-17079
CVE-2018-16613
CVE-2018-16613
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.
Source: CVE-2018-16613