» 2020 » 1월

CVE-2019-20396

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-20396

A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.

Source: CVE-2019-20396

CVE-2019-20395

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-20395

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

Source: CVE-2019-20395

CVE-2019-19842

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-19842

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.

Source: CVE-2019-19842

CVE-2019-19840

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-19840

A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.

Source: CVE-2019-19840

CVE-2019-19841

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-19841

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.

Source: CVE-2019-19841

CVE-2011-3622

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2011-3622

A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.

Source: CVE-2011-3622

CVE-2020-5221

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2020-5221

In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11

Source: CVE-2020-5221

CVE-2019-19843

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-19843

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.

Source: CVE-2019-19843

CVE-2019-19836

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-19836

AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.

Source: CVE-2019-19836

CVE-2019-19834

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-19834

Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.

Source: CVE-2019-19834