Data on 997 North Korean Defectors Targeted in Hack

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2019-5009
PUBLISHED: 2019-01-04

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150×40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a …

CVE-2019-5310
PUBLISHED: 2019-01-04

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.

CVE-2018-8827
PUBLISHED: 2019-01-03

The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.

CVE-2019-5005
PUBLISHED: 2019-01-03

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption.

CVE-2019-5006
PUBLISHED: 2019-01-03

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing.
