» 2020 » 9월

CVE-2020-6127

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2020-6127

SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6127

CVE-2019-5645

Posted on 2020년 9월 2일2020년 9월 2일 by admin

CVE-2019-5645

By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.

Source: CVE-2019-5645

CVE-2020-7666

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-7666

This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.

Source: CVE-2020-7666

CVE-2020-6129

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6129

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Source: CVE-2020-6129

CVE-2020-7669

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-7669

This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.

Source: CVE-2020-7669

CVE-2020-6130

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6130

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Source: CVE-2020-6130

CVE-2020-6131

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6131

SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Source: CVE-2020-6131

CVE-2020-7665

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-7665

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.

Source: CVE-2020-7665

CVE-2020-6121

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-6121

SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6121

CVE-2020-2251

Posted on 2020년 9월 1일2020년 9월 2일 by admin

CVE-2020-2251

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Source: CVE-2020-2251