Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data.
원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6014
원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6014
댓글 0
번호 | 제목 | 글쓴이 | 날짜 | 조회 수 |
---|---|---|---|---|
527 | CVE-2017-16608 | 관리자 | 2018.01.25 | 49 |
526 | CVE-2017-16609 | 관리자 | 2018.01.25 | 33 |
525 | CVE-2017-16605 | 관리자 | 2018.01.25 | 116 |
524 | CVE-2017-16590 | 관리자 | 2018.01.25 | 29 |
523 | CVE-2017-16601 | 관리자 | 2018.01.25 | 29 |
522 | CVE-2017-16591 | 관리자 | 2018.01.25 | 33 |
521 | CVE-2016-5345 | 관리자 | 2018.01.25 | 31 |
520 | CVE-2017-16593 | 관리자 | 2018.01.25 | 29 |
519 | CVE-2017-16592 | 관리자 | 2018.01.25 | 28 |
518 | CVE-2017-16595 | 관리자 | 2018.01.25 | 115 |
517 | CVE-2017-16594 | 관리자 | 2018.01.25 | 126 |
516 | CVE-2017-16597 | 관리자 | 2018.01.25 | 34 |
515 | CVE-2017-16596 | 관리자 | 2018.01.25 | 28 |
514 | CVE-2017-16599 | 관리자 | 2018.01.25 | 29 |
513 | CVE-2017-16598 | 관리자 | 2018.01.25 | 24 |