» 2019 » 6월

CVE-2019-11517

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2019-11517

WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.

Source: CVE-2019-11517

CVE-2019-12786

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2019-12786

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key.

Source: CVE-2019-12786

CVE-2019-12787

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2019-12787

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.

Source: CVE-2019-12787

CVE-2019-6241

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2019-6241

In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker.

Source: CVE-2019-6241

CVE-2019-11877

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2019-11877

XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID.

Source: CVE-2019-11877

CVE-2018-20355

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2018-20355

An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Source: CVE-2018-20355

CVE-2018-20356

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2018-20356

An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Source: CVE-2018-20356

CVE-2018-20354

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2018-20354

An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Source: CVE-2018-20354

CVE-2018-20353

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2018-20353

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Source: CVE-2018-20353

CVE-2018-20352

Posted on 2019년 6월 11일2019년 6월 11일 by admin

CVE-2018-20352

Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution.

Source: CVE-2018-20352