CVE-2019-15087
An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.
Source: CVE-2019-15087
CVE-2019-14912
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.
Source: CVE-2019-14912
CVE-2019-14911
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.
Source: CVE-2019-14911
CVE-2019-14914
An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.
Source: CVE-2019-14914
CVE-2019-14915
An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.
Source: CVE-2019-14915
CVE-2019-14913
An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.
Source: CVE-2019-14913
CVE-2019-16531
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
Source: CVE-2019-16531
CVE-2019-9720
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
Source: CVE-2019-9720
CVE-2019-9719
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
Source: CVE-2019-9719
CVE-2019-9717
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
Source: CVE-2019-9717