» 2020 » 3월

CVE-2019-14893

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.

Source: CVE-2019-14893

CVE-2018-19798

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-19798

Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this.

Source: CVE-2018-19798

CVE-2018-20343

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-20343

Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. An attacker could craft a special map file to execute arbitrary code when the map file is loaded.

Source: CVE-2018-20343

CVE-2018-18479

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-18479

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2018-18479

CVE-2018-16356

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-16356

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.

Source: CVE-2018-16356

CVE-2018-19658

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-19658

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2018-19658

CVE-2018-16357

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-16357

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.

Source: CVE-2018-16357

CVE-2018-19284

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-19284

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: CVE-2018-19284

CVE-2018-19599

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-19599

Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product.

Source: CVE-2018-19599

CVE-2018-17572

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-17572

InfluxDB 0.9.5 has Reflected XSS in the Write Data module.

Source: CVE-2018-17572