Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 20분 9초 지남

CVE-2018-17079

목, 2019/06/20 - 3:15오전
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.

CVE-2018-17842

목, 2019/06/20 - 2:15오전
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.

CVE-2019-11232

목, 2019/06/20 - 2:15오전
EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element.

CVE-2019-11233

목, 2019/06/20 - 2:15오전
EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field.

CVE-2019-11649 (fortify_software_security_center)

목, 2019/06/20 - 2:15오전
Cross-site scripting in Micro Focus Fortify software security center server, version 18.1, 18.2. The vulnerability may allow remote code execution.

CVE-2018-15506

목, 2019/06/20 - 2:15오전
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running BubbleUPnP, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack the cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.

CVE-2018-17389

목, 2019/06/20 - 2:15오전
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.

CVE-2018-17393

목, 2019/06/20 - 2:15오전
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.

CVE-2018-17398

목, 2019/06/20 - 2:15오전
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.

CVE-2018-17399

목, 2019/06/20 - 2:15오전
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.

CVE-2018-17423

목, 2019/06/20 - 2:15오전
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.

CVE-2018-17840

목, 2019/06/20 - 2:15오전
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.

CVE-2018-17841

목, 2019/06/20 - 2:15오전
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.

CVE-2019-12491

목, 2019/06/20 - 1:15오전
OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.

CVE-2019-6114 (paintshop_pro_2019)

목, 2019/06/20 - 1:15오전
An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code.

CVE-2019-9701

목, 2019/06/20 - 1:15오전
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

CVE-2018-18406

목, 2019/06/20 - 1:15오전
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users.

CVE-2018-18425

목, 2019/06/20 - 1:15오전
The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. (Increasing the total supply by using 'doAirdrop' ignores the hard cap written in the contract and devalues the token.)

CVE-2018-18471

목, 2019/06/20 - 1:15오전
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.

CVE-2018-18472

목, 2019/06/20 - 1:15오전
Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device.

페이지