admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-10-30 15:01:11 +00:00
parent ba849c153e
commit 60c30cc539
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/10xxx/CVE-2016-10937.json
View File

@ -61,6 +61,11 @@
"url": "https://bugs.debian.org/939702",
"refsource": "MISC",
"name": "https://bugs.debian.org/939702"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1976-1] imapfilter security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00040.html"
}
]
}

2
2019/1010xxx/CVE-2019-1010095.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: http://127.0.0.1/admin/users/add.php. The attack vector is: After the administrator logged in, open the html page."
"value": "DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page."
}
]
},

2
2019/1010xxx/CVE-2019-1010096.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "domainmod(https://domainmod.org/) domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page."
"value": "DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page."
}
]
},

5
2019/15xxx/CVE-2019-15681.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a",
"url": "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1977-1] libvncserver security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html"
}
]
},

2
2019/17xxx/CVE-2019-17506.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely."
"value": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely."
}
]
},