CVE-2017-12905
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
Source: CVE-2017-12905
[월:] 2017년 09월
CVE-2015-7317
CVE-2015-7317
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
Source: CVE-2015-7317
CVE-2015-7315
CVE-2015-7315
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
Source: CVE-2015-7315
CVE-2015-7316
CVE-2015-7316
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
Source: CVE-2015-7316
CVE-2010-3050
CVE-2010-3050
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
Source: CVE-2010-3050
CVE-2010-3049
CVE-2010-3049
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
Source: CVE-2010-3049
CVE-2017-1551
CVE-2017-1551
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.
Source: CVE-2017-1551
CVE-2017-9551
CVE-2017-9551
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user’s account.
Source: CVE-2017-9551
CVE-2017-1555
CVE-2017-1555
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
Source: CVE-2017-1555
CVE-2017-14729
CVE-2017-14729
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
Source: CVE-2017-14729