» 2019 » 8월

CVE-2019-15331

Posted on 2019년 8월 23일2019년 8월 23일 by admin

CVE-2019-15331

The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection.

Source: CVE-2019-15331

CVE-2017-18586

Posted on 2019년 8월 23일2019년 8월 23일 by admin

CVE-2017-18586

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.

Source: CVE-2017-18586

CVE-2019-15060

Posted on 2019년 8월 23일2019년 8월 23일 by admin

CVE-2019-15060

The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

Source: CVE-2019-15060

CVE-2019-12386

Posted on 2019년 8월 23일2019년 8월 23일 by admin

CVE-2019-12386

An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.

Source: CVE-2019-12386

CVE-2019-12385

Posted on 2019년 8월 23일2019년 8월 23일 by admin

CVE-2019-12385

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality.

Source: CVE-2019-12385