» 2020 » 1월

CVE-2019-16792

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-16792

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.

Source: CVE-2019-16792

CVE-2012-4919

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2012-4919

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

Source: CVE-2012-4919

CVE-2016-4761

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2016-4761

WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS

Source: CVE-2016-4761

CVE-2019-5647

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-5647

The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.

Source: CVE-2019-5647

CVE-2011-3612

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2011-3612

Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.

Source: CVE-2011-3612

CVE-2011-3621

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2011-3621

A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.

Source: CVE-2011-3621

CVE-2011-3614

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2011-3614

An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.

Source: CVE-2011-3614

CVE-2011-3613

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2011-3613

An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.

Source: CVE-2011-3613

CVE-2019-6146

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-6146

It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Source: CVE-2019-6146

CVE-2020-7109

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2020-7109

The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.

Source: CVE-2020-7109