» 2020 » 3월

CVE-2018-15819

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-15819

EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.

Source: CVE-2018-15819

CVE-2020-8777

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2020-8777

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.

Source: CVE-2020-8777

CVE-2018-15820

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2018-15820

EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.

Source: CVE-2018-15820

CVE-2020-8778

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2020-8778

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.

Source: CVE-2020-8778

CVE-2020-8776

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2020-8776

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.

Source: CVE-2020-8776

CVE-2020-8437

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2020-8437

The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.

Source: CVE-2020-8437

CVE-2019-19607

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2019-19607

A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

Source: CVE-2019-19607

CVE-2019-19608

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2019-19608

A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

Source: CVE-2019-19608

CVE-2019-19371

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2019-19371

A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts.

Source: CVE-2019-19371

CVE-2019-19370

Posted on 2020년 3월 3일2020년 3월 3일 by admin

CVE-2019-19370

A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts.

Source: CVE-2019-19370