» 2020 » 1월

CVE-2011-3611

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2011-3611

A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.

Source: CVE-2011-3611

CVE-2011-3595

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2011-3595

Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.

Source: CVE-2011-3595

CVE-2011-3610

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2011-3610

A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.

Source: CVE-2011-3610

CVE-2020-6960

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2020-6960

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.

Source: CVE-2020-6960

CVE-2020-7228

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2020-7228

The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.

Source: CVE-2020-7228

CVE-2019-18583

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-18583

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.

Source: CVE-2019-18583

CVE-2019-18584

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-18584

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.

Source: CVE-2019-18584

CVE-2019-18586

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-18586

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.

Source: CVE-2019-18586

CVE-2019-18585

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2019-18585

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none.

Source: CVE-2019-18585

CVE-2020-6959

Posted on 2020년 1월 23일2020년 1월 23일 by admin

CVE-2020-6959

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.

Source: CVE-2020-6959