Lucene search
MitreCVELIST:CVE-2017-17097HistoryJan 02, 2018 - 3:00 p.m.
CVE-2017-17097
2018-01-0215:00:00
mitre
www.cve.org
9
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
Related
cve
cve
CVE-2017-17097
2018-01-02 15:29:00
nvd
nvd
CVE-2017-17097
2018-01-02 15:29:00
prion
prion
Cross site request forgery (csrf)
2018-01-02 15:29:00
exploitpack
exploitpack
gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities
2018-01-05 00:00:00
packetstorm
packetstorm
gps-server.net GPS Tracking Software 3.0 Code Injection / Password Reset
2018-01-06 00:00:00
zdt
zdt
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
2018-01-06 00:00:00
exploitdb
exploitdb
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
2018-01-05 00:00:00