» 2020 » 5월

CVE-2020-7805

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-7805

An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands.

Source: CVE-2020-7805

CVE-2020-7803

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-7803

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution.

Source: CVE-2020-7803

CVE-2020-10973

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-10973

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, affecting /cgi-bin/ExportALLSettings.sh. A crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.

Source: CVE-2020-10973

CVE-2020-5746

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-5746

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.

Source: CVE-2020-5746

CVE-2020-5751

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-5751

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.

Source: CVE-2020-5751

CVE-2020-5745

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-5745

Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

Source: CVE-2020-5745

CVE-2020-7646

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-7646

curlrequest through 1.0.1 allows execution of arbitrary commands.It is possible to inject arbitrary commands by using a semicolon char in any of the `options` values.

Source: CVE-2020-7646

CVE-2020-5749

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-5749

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group.

Source: CVE-2020-5749

CVE-2020-5750

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-5750

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.

Source: CVE-2020-5750

CVE-2020-5748

Posted on 2020년 5월 8일2020년 5월 8일 by admin

CVE-2020-5748

Insufficient output sanitization in TCExam 14.2.2 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks via the self-registration feature.

Source: CVE-2020-5748