» 2020 » 9월

An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.

Source: CVE-2020-6153

CVE-2020-26088

Posted on 2020년 9월 25일2020년 9월 25일 by admin

CVE-2020-26088

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.

Source: CVE-2020-26088

CVE-2020-13521

Posted on 2020년 9월 25일2020년 9월 25일 by admin

CVE-2020-13521

Parameter psAttribute in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.

Source: CVE-2020-13521

CVE-2020-24365

Posted on 2020년 9월 25일2020년 9월 25일 by admin

CVE-2020-24365

An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127×9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)

Source: CVE-2020-24365

CVE-2020-15840

Posted on 2020년 9월 25일2020년 9월 25일 by admin

CVE-2020-15840

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property ‘portlet.resource.id.banned.paths.regexp’ can be bypassed with doubled encoded URLs.

Source: CVE-2020-15840

CVE-2020-12280

Posted on 2020년 9월 25일2020년 9월 25일 by admin

CVE-2020-12280

iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.

Source: CVE-2020-12280