CVE-2017-5830 (revive_adserver)
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
Source: CVE-2017-5830 (revive_adserver)
[월:] 2017년 03월
CVE-2017-5834 (libplist)
CVE-2017-5834 (libplist)
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
Source: CVE-2017-5834 (libplist)
CVE-2017-5830
CVE-2017-5830
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
Source: CVE-2017-5830
CVE-2017-5831
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
Source: CVE-2017-5831
CVE-2017-5832
CVE-2017-5832
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user’s email address.
Source: CVE-2017-5832
CVE-2017-5834
CVE-2017-5834
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
Source: CVE-2017-5834
CVE-2017-5867
CVE-2017-5867
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
Source: CVE-2017-5867
CVE-2017-5833
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Source: CVE-2017-5833
CVE-2017-5835
CVE-2017-5835
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
Source: CVE-2017-5835
CVE-2017-5616
CVE-2017-5616
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
Source: CVE-2017-5616