Latest 7 days CVE Lists

Latest 7 days CVE Lists 피드 구독하기
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
업데이트: 59분 39초 지남

CVE-2019-8424

월, 2019/02/18 - 9:29오전
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.

CVE-2019-8425

월, 2019/02/18 - 9:29오전
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

CVE-2019-8426

월, 2019/02/18 - 9:29오전
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

CVE-2019-8427

월, 2019/02/18 - 9:29오전
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.

CVE-2019-8428

월, 2019/02/18 - 9:29오전
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

CVE-2019-8429

월, 2019/02/18 - 9:29오전
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.

CVE-2019-8432

월, 2019/02/18 - 9:29오전
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.

CVE-2019-8433

월, 2019/02/18 - 9:29오전
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.

CVE-2019-8434

월, 2019/02/18 - 9:29오전
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.

CVE-2019-8435

월, 2019/02/18 - 9:29오전
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.

CVE-2019-8436

월, 2019/02/18 - 9:29오전
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.

CVE-2019-8419

월, 2019/02/18 - 7:29오전
VNote 2.2 has XSS via a new text note.

CVE-2019-8421

월, 2019/02/18 - 7:29오전
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.

CVE-2019-8422

월, 2019/02/18 - 7:29오전
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.

CVE-2019-7649

월, 2019/02/18 - 6:29오전
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.

CVE-2019-8418

월, 2019/02/18 - 6:29오전
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.

CVE-2019-8411

월, 2019/02/18 - 4:29오전
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.

CVE-2019-8412

월, 2019/02/18 - 4:29오전
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.

CVE-2019-8413

월, 2019/02/18 - 4:29오전
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).

CVE-2018-20782

월, 2019/02/18 - 3:29오전
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.

페이지