» 2022 » 3월

A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.

Source: CVE-2021-43102

CVE-2022-26280

Posted on 2022년 3월 29일2022년 3월 29일 by admin

CVE-2022-26280

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

Source: CVE-2022-26280

CVE-2022-26291

Posted on 2022년 3월 29일2022년 3월 29일 by admin

CVE-2022-26291

lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.

Source: CVE-2022-26291

CVE-2022-24789

Posted on 2022년 3월 29일2022년 3월 29일 by admin

CVE-2022-24789

C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist.

Source: CVE-2022-24789

CVE-2021-43098

Posted on 2022년 3월 29일2022년 3월 29일 by admin

CVE-2021-43098

A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function.

Source: CVE-2021-43098

CVE-2021-43097

Posted on 2022년 3월 29일2022년 3월 29일 by admin

CVE-2021-43097

A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code.

Source: CVE-2021-43097