» 2020 » 1월

CVE-2020-5194

Posted on 2020년 1월 14일2020년 1월 15일 by admin

CVE-2020-5194

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists.

Source: CVE-2020-5194

CVE-2014-9211

Posted on 2020년 1월 14일2020년 1월 15일 by admin

CVE-2014-9211

ClickDesk version 4.3 and below has persistent cross site scripting

Source: CVE-2014-9211

CVE-2020-6958

Posted on 2020년 1월 14일2020년 1월 14일 by admin

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

Source: CVE-2020-6958

CVE-2020-6954

Posted on 2020년 1월 14일2020년 1월 14일 by admin

CVE-2020-6954

An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI.

Source: CVE-2020-6954

CVE-2020-6955

Posted on 2020년 1월 14일2020년 1월 14일 by admin

CVE-2020-6955

An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.

Source: CVE-2020-6955

CVE-2019-19680

Posted on 2020년 1월 14일2020년 1월 14일 by admin

CVE-2019-19680

A file-extension filtering vulnerability in ProofPoint Protection Server Email Firewall through 8.10 allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.

Source: CVE-2019-19680

CVE-2019-20143

Posted on 2020년 1월 14일2020년 1월 14일 by admin

CVE-2019-20143

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.

Source: CVE-2019-20143

CVE-2019-20142

Posted on 2020년 1월 14일2020년 1월 14일 by admin

CVE-2019-20142

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.

Source: CVE-2019-20142

CVE-2019-20144

Posted on 2020년 1월 14일2020년 1월 14일 by admin

CVE-2019-20144

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.

Source: CVE-2019-20144

CVE-2020-6832

Posted on 2020년 1월 14일2020년 1월 14일 by admin

CVE-2020-6832

An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.

Source: CVE-2020-6832