Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2019-19015

Tue, 2019/12/03 - 2:15 AM
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.

CVE-2019-19016

Tue, 2019/12/03 - 2:15 AM
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.

CVE-2019-19017

Tue, 2019/12/03 - 2:15 AM
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.

CVE-2019-19018

Tue, 2019/12/03 - 2:15 AM
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.

CVE-2019-12388

Tue, 2019/12/03 - 2:15 AM
Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.

CVE-2019-12389

Tue, 2019/12/03 - 2:15 AM
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.

CVE-2019-12390

Tue, 2019/12/03 - 2:15 AM
Anviz access control devices expose private information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.

CVE-2019-12391

Tue, 2019/12/03 - 2:15 AM
The Anviz Management System for access control has insufficient logging for device events such as door open requests.

CVE-2019-12392

Tue, 2019/12/03 - 2:15 AM
Anviz access control devices allow remote attackers to issue commands without a password.

CVE-2019-12393

Tue, 2019/12/03 - 2:15 AM
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.

CVE-2019-15628

Tue, 2019/12/03 - 1:15 AM
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

CVE-2019-19502

Tue, 2019/12/03 - 1:15 AM
pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 for CKEditor mishandles certain characters in pathnames.

CVE-2019-19118

Mon, 2019/12/02 - 11:15 PM
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)

CVE-2019-19245

Mon, 2019/12/02 - 11:15 PM
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.

CVE-2019-19496

Mon, 2019/12/02 - 1:15 PM
Alfresco Enterprise 5.2.4 allows stored XSS via an uploaded HTML document.

CVE-2019-19362

Mon, 2019/12/02 - 12:15 PM
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.

CVE-2019-19493

Mon, 2019/12/02 - 12:15 PM
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

CVE-2019-19489

Mon, 2019/12/02 - 11:15 AM
SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.

CVE-2019-19490

Mon, 2019/12/02 - 11:15 AM
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.

CVE-2019-19491

Mon, 2019/12/02 - 11:15 AM
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
