CVE-2017-15683
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Source: CVE-2017-15683
[월:] 2020년 11월
CVE-2017-15686
CVE-2017-15686
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.
Source: CVE-2017-15686
CVE-2020-28921
CVE-2020-28921
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges.
Source: CVE-2020-28921
CVE-2017-15685
CVE-2017-15685
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Source: CVE-2017-15685
CVE-2020-10772
CVE-2020-10772
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.
Source: CVE-2020-10772
CVE-2020-28922
CVE-2020-28922
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges.
Source: CVE-2020-28922
CVE-2020-25014
CVE-2020-25014
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
Source: CVE-2020-25014
CVE-2020-25708
CVE-2020-25708
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
Source: CVE-2020-25708
CVE-2017-15680
CVE-2017-15680
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
Source: CVE-2017-15680
CVE-2017-15681
CVE-2017-15681
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
Source: CVE-2017-15681