» 2020 » 6월

CVE-2019-19112

Posted on 2020년 6월 15일2020년 6월 16일 by admin

CVE-2019-19112

The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.

Source: CVE-2019-19112

CVE-2020-14076

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14076

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.

Source: CVE-2020-14076

CVE-2020-14093

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

Source: CVE-2020-14093

CVE-2020-14077

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14077

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key.

Source: CVE-2020-14077

CVE-2020-14074

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14074

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.

Source: CVE-2020-14074

CVE-2020-14075

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14075

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.

Source: CVE-2020-14075

CVE-2020-14080

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14080

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.

Source: CVE-2020-14080

CVE-2020-14081

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14081

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.

Source: CVE-2020-14081

CVE-2020-14078

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14078

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.

Source: CVE-2020-14078

CVE-2020-14079

Posted on 2020년 6월 15일2020년 6월 15일 by admin

CVE-2020-14079

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.

Source: CVE-2020-14079