CVE-2019-19167
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.
Source: CVE-2019-19167
[월:] 2020년 05월
CVE-2020-12672
CVE-2020-12672
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
Source: CVE-2020-12672
CVE-2020-12666
CVE-2020-12666
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.
Source: CVE-2020-12666
CVE-2020-11035
CVE-2020-11035
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
Source: CVE-2020-11035
CVE-2020-12463
CVE-2020-12463
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files.
Source: CVE-2020-12463
CVE-2020-11034
CVE-2020-11034
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
Source: CVE-2020-11034
CVE-2020-11033
CVE-2020-11033
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: – All api_tokens which can be used to do privileges escalations or read/update/delete data normally non accessible to the current user. – All personal_tokens can display another users planning. Exploiting this vulnerability requires the api to be enabled, a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6.
Source: CVE-2020-11033
CVE-2020-11036
CVE-2020-11036
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "<script>alert(1)</script>" reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `" onmouseover="alert(document.cookie)` and an empty first name. 2. With this user, create a ticket 3. As an administrator (or other privileged user) open the created ticket 4. On the "last update" field, put your mouse on the name of the user 5. The XSS fires This is fixed in version 9.4.6.
Source: CVE-2020-11036
CVE-2019-20768
CVE-2019-20768
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.
Source: CVE-2019-20768
CVE-2020-12439
CVE-2020-12439
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain.
Source: CVE-2020-12439