» 2019 » 10월

CVE-2019-18207

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2019-18207

In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page.

Source: CVE-2019-18207

CVE-2019-18206

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2019-18206

A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.

Source: CVE-2019-18206

CVE-2019-18205

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2019-18205

Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter.

Source: CVE-2019-18205

CVE-2019-18204

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2019-18204

Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.

Source: CVE-2019-18204

CVE-2018-18678

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2018-18678

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.

Source: CVE-2018-18678

CVE-2018-16417

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2018-16417

Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.

Source: CVE-2018-16417

CVE-2019-15682

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2019-15682

RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5

Source: CVE-2019-15682

CVE-2018-4075

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2018-4075

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.

Source: CVE-2018-4075

CVE-2018-4074

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2018-4074

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.

Source: CVE-2018-4074

CVE-2018-4060

Posted on 2019년 10월 31일2019년 10월 31일 by admin

CVE-2018-4060

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.

Source: CVE-2018-4060