» 2020 » 5월

CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.

Source: CVE-2020-8830

CVE-2019-19515

Posted on 2020년 5월 6일2020년 5월 6일 by admin

CVE-2019-19515

Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings.

Source: CVE-2019-19515

CVE-2019-19514

Posted on 2020년 5월 6일2020년 5월 6일 by admin

CVE-2019-19514

Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID.

Source: CVE-2019-19514

CVE-2020-8799

Posted on 2020년 5월 6일2020년 5월 6일 by admin

CVE-2020-8799

A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website.

Source: CVE-2020-8799

CVE-2020-12104

Posted on 2020년 5월 6일2020년 5월 6일 by admin

CVE-2020-12104

The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.

Source: CVE-2020-12104

CVE-2020-11737

Posted on 2020년 5월 6일2020년 5월 6일 by admin

CVE-2020-11737

A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.

Source: CVE-2020-11737