Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 3 hours 12 minutes ago

CVE-2018-11505

Sun, 2018/05/27 - 7:29 AM
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.

CVE-2018-6409

Sun, 2018/05/27 - 7:29 AM
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.

CVE-2018-6410

Sun, 2018/05/27 - 7:29 AM
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.

CVE-2018-6411

Sun, 2018/05/27 - 7:29 AM
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.

CVE-2018-11500

Sun, 2018/05/27 - 6:29 AM
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.

CVE-2018-11501

Sun, 2018/05/27 - 6:29 AM
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2.

CVE-2018-11503

Sun, 2018/05/27 - 6:29 AM
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

CVE-2018-11504

Sun, 2018/05/27 - 6:29 AM
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

CVE-2018-11494

Sun, 2018/05/27 - 5:29 AM
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].

CVE-2018-11495

Sun, 2018/05/27 - 5:29 AM
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.

CVE-2018-11496

Sun, 2018/05/27 - 5:29 AM
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.

CVE-2018-11498

Sun, 2018/05/27 - 5:29 AM
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.

CVE-2018-11499

Sun, 2018/05/27 - 5:29 AM
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

CVE-2018-11489

Sun, 2018/05/27 - 3:29 AM
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

CVE-2018-11490

Sun, 2018/05/27 - 3:29 AM
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

CVE-2018-11493

Sun, 2018/05/27 - 3:29 AM
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.

CVE-2018-11487

Sun, 2018/05/27 - 12:29 AM
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.

CVE-2018-11471

Sat, 2018/05/26 - 4:29 AM
Cockpit 0.5.5 has XSS via a collection, form, or region.

CVE-2018-11472

Sat, 2018/05/26 - 4:29 AM
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).

CVE-2018-11473

Sat, 2018/05/26 - 4:29 AM
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
