» 2020 » 2월

CVE-2020-9034

Posted on 2020년 2월 17일2020년 2월 17일 by admin

CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.

Source: CVE-2020-9034

CVE-2020-9016

Posted on 2020년 2월 17일2020년 2월 17일 by admin

CVE-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.

Source: CVE-2020-9016

CVE-2020-9013

Posted on 2020년 2월 17일2020년 2월 17일 by admin

CVE-2020-9013

Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.

Source: CVE-2020-9013

CVE-2020-9012

Posted on 2020년 2월 17일2020년 2월 17일 by admin

CVE-2020-9012

A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.

Source: CVE-2020-9012

CVE-2020-9007

Posted on 2020년 2월 17일2020년 2월 17일 by admin

CVE-2020-9007

Codoforum 4.8.8 allows self-XSS via the title of a new topic.

Source: CVE-2020-9007

CVE-2019-20456

Posted on 2020년 2월 17일2020년 2월 17일 by admin

CVE-2019-20456

Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.

Source: CVE-2019-20456

CVE-2020-8996

Posted on 2020년 2월 17일2020년 2월 17일 by admin

CVE-2020-8996

AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI.

Source: CVE-2020-8996

CVE-2020-8997

Posted on 2020년 2월 17일2020년 2월 17일 by admin

CVE-2020-8997

Abbott FreeStyle Libre 14-day before February 2020 and FreeStyle Libre 2 before February 2020 allow remote attackers to enable write access via a specific NFC unlock command.

Source: CVE-2020-8997

CVE-2020-7050

Posted on 2020년 2월 16일2020년 2월 16일 by admin

CVE-2020-7050

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.

Source: CVE-2020-7050

CVE-2019-5187

Posted on 2020년 2월 15일2020년 2월 15일 by admin

CVE-2019-5187

An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Source: CVE-2019-5187