CVE-2020-8998
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2020-8998
[월:] 2020년 02월
CVE-2020-6845
CVE-2020-6845
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.
Source: CVE-2020-6845
CVE-2020-6844
CVE-2020-6844
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts.
Source: CVE-2020-6844
CVE-2014-4966
CVE-2014-4966
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup(‘pipe’) calls or (2) crafted Jinja2 data.
Source: CVE-2014-4966
CVE-2013-4227
CVE-2013-4227
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type.
Source: CVE-2013-4227
CVE-2014-4967
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
Source: CVE-2014-4967
CVE-2013-4454
CVE-2013-4454
WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities
Source: CVE-2013-4454
CVE-2014-4651
CVE-2014-4651
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.
Source: CVE-2014-4651
CVE-2015-6970
CVE-2015-6970
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
Source: CVE-2015-6970
CVE-2015-7506
CVE-2015-7506
The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.
Source: CVE-2015-7506