CVE-2017-17942
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
Source: CVE-2017-17942
CVE-2017-17938
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.
Source: CVE-2017-17938
CVE-2017-17939
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.
Source: CVE-2017-17939
CVE-2017-17936
Vanguard Marketplace Digital Products PHP has CSRF via /search.
Source: CVE-2017-17936
CVE-2017-17932
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.
Source: CVE-2017-17932
CVE-2017-17941
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
Source: CVE-2017-17941
CVE-2017-17937
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
Source: CVE-2017-17937
CVE-2015-7889
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
Source: CVE-2015-7889
CVE-2017-10910
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.
Source: CVE-2017-10910
CVE-2015-3637
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.
Source: CVE-2015-3637