CVE : Nchovy 인터넷 스톰 센터NCHOVY 인터넷 스톰 센터xeraph@nchovy.krCVE-2012-0979National Vulnerability Databasehttp://nchovy.kr/security/cve/CVE-2012-0979Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.2012-02-03T02:55:01+09002012-02-03T02:55:01+0900CVE-2012-0980National Vulnerability Databasehttp://nchovy.kr/security/cve/CVE-2012-0980SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter.2012-02-03T02:55:01+09002012-02-03T02:55:01+0900CVE-2012-0448National Vulnerability Databasehttp://nchovy.kr/security/cve/CVE-2012-0448Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address.2012-02-03T03:55:01+09002012-02-03T03:55:01+0900CVE-2012-0314National Vulnerability Databasehttp://nchovy.kr/security/cve/CVE-2012-0314Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.2012-02-03T13:05:51+09002012-02-03T13:05:51+0900CVE-2012-0977National Vulnerability Databasehttp://nchovy.kr/security/cve/CVE-2012-0977Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.2012-02-03T02:55:01+09002012-02-03T02:55:01+0900CVE-2012-0975National Vulnerability Databasehttp://nchovy.kr/security/cve/CVE-2012-0975Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter.2012-02-03T02:55:00+09002012-02-03T02:55:00+0900CVE-2012-0982National Vulnerability Databasehttp://nchovy.kr/security/cve/CVE-2012-0982SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.2012-02-03T02:55:01+09002012-02-03T02:55:01+0900CVE-2012-0440National Vulnerability Databasehttp://nchovy.kr/security/cve/CVE-2012-0440Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.2012-02-03T03:55:01+09002012-02-03T03:55:01+0900