CVE-2016-7524
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Source: CVE-2016-7524
[월:] 2020년 02월
CVE-2015-6000
CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
Source: CVE-2015-6000
CVE-2016-7523
CVE-2016-7523
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Source: CVE-2016-7523
CVE-2010-3917
CVE-2010-3917
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.
Source: CVE-2010-3917
CVE-2020-5528
CVE-2020-5528
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.
Source: CVE-2020-5528
CVE-2019-20406
CVE-2019-20406
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.
Source: CVE-2019-20406
CVE-2019-20402
CVE-2019-20402
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.
Source: CVE-2019-20402
CVE-2019-20403
CVE-2019-20403
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.
Source: CVE-2019-20403
CVE-2019-20400
CVE-2019-20400
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.
Source: CVE-2019-20400
CVE-2019-20405
CVE-2019-20405
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.
Source: CVE-2019-20405