» 2020 » 1월

CVE-2019-10775

Posted on 2020년 1월 3일2020년 1월 3일 by admin

CVE-2019-10775

ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application.

Source: CVE-2019-10775

CVE-2013-3935

Posted on 2020년 1월 3일2020년 1월 3일 by admin

CVE-2013-3935

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.

Source: CVE-2013-3935

CVE-2013-3936

Posted on 2020년 1월 3일2020년 1월 3일 by admin

CVE-2013-3936

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.

Source: CVE-2013-3936

CVE-2019-10158

Posted on 2020년 1월 3일2020년 1월 3일 by admin

CVE-2019-10158

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

Source: CVE-2019-10158

CVE-2020-5179

Posted on 2020년 1월 2일2020년 1월 3일 by admin

CVE-2020-5179

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)

Source: CVE-2020-5179

CVE-2019-20204

Posted on 2020년 1월 2일2020년 1월 3일 by admin

CVE-2019-20204

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.

Source: CVE-2019-20204

CVE-2019-20205

Posted on 2020년 1월 2일2020년 1월 3일 by admin

CVE-2019-20205

libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.

Source: CVE-2019-20205

CVE-2019-20223

Posted on 2020년 1월 2일2020년 1월 3일 by admin

CVE-2019-20223

In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.

Source: CVE-2019-20223

CVE-2019-20222

Posted on 2020년 1월 2일2020년 1월 3일 by admin

CVE-2019-20222

In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.

Source: CVE-2019-20222

CVE-2019-20221

Posted on 2020년 1월 2일2020년 1월 3일 by admin

CVE-2019-20221

In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.

Source: CVE-2019-20221