CVE-2017-1000452
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
Source: CVE-2017-1000452
CVE-2017-1000448
Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host.
Source: CVE-2017-1000448
CVE-2017-1000413
Linaro's open source TEE solution, OP-TEE, version 2.4.0 (and older) is vulnerable to a timing attack in the Montgomery parts of libMPA in OP-TEE, resulting in a compromised private RSA key.
Source: CVE-2017-1000413
CVE-2017-1000449
BitThunder 0.9.2 stable is vulnerable to a buffer overflow in the dtb_reverse.c file, resulting in information disclosure.
Source: CVE-2017-1000449
CVE-2017-1000444
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component, resulting in information disclosure and remote code execution.
Source: CVE-2017-1000444
CVE-2017-17097
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
Source: CVE-2017-17097
CVE-2017-1000445
ImageMagick 7.0.7-1 and older versions are vulnerable to a null pointer dereference in the MagickCore component, which might lead to denial of service.
Source: CVE-2017-1000445
CVE-2017-17098
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.
Source: CVE-2017-17098
CVE-2017-1000443
Eleix Openhacker version 0.1.47 is vulnerable to an XSS vulnerability in the bank transactions component, resulting in arbitrary code execution in the browser.
Source: CVE-2017-1000443
CVE-2017-1000442
Passbolt API version 1.6.4 and older are vulnerable to an XSS in the url field on the password workspace.
Source: CVE-2017-1000442