CVE-2017-2722

DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210TD with software V100R004C10,eSpace 7950 with software V200R003C00 and...

CVE-2017-8130

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak...

Foscam IP Video Camera Information Disclosure Vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. An information disclosure vulnerability exists in the Foscam C1 Indoor HD Camera. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to retrieve sensitive information...

Catalyst Mahara Code Execution Vulnerability

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara. An attacker could exploit the vulnerability to execute code...

Google Android System Remote Code Execution Vulnerability

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. A remote code execution vulnerability exists in System for Google Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, which can be exploited by attackers to execute...

Panasonic Home Unit KX-HJB1000 SQL Injection Vulnerability

The Panasonic KX-HJB1000 Home unit devices is a webcam from Panasonic Japan. A SQL injection vulnerability exists in Home unit KX-HJB1000. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

Denial of Service Vulnerability in WPS Forms

WPS Office is an office software suite developed independently by Kingsoft Corporation. A denial of service vulnerability exists in the xlsxrw module of formset.exe in WPS when parsing a specific xls file, which can be exploited by an attacker to cause a denial of service...

CVE-2017-10862

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token...

Code injection

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token...

Google Android Broadcom Component Elevation of Privilege Vulnerability (CNVD-2017-31740)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and Broadcom Wi-Fi driver is a Broadcom-developed Wi-Fi driver module used in it. An elevation of privilege vulnerability exists in the Broadcom Wi-Fi driver in Android. An attack...

Google Android Qualcomm Memory Subsystem Memory Corruption Vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance OHA, and the Qualcomm Memory subsystem is a Qualcomm memory subsystem. A security vulnerability exists in the Qualcomm Memory subsystem in Android. An attacker could exploit this vulnerability...

Vanilla: Overwrite Drafts of Everyone

Description: ----------- Users have option to save drafts before doing comment on posts or discussions, where DraftID parameter is get passed to keep the draft record and if attacker replace this id with any existing id it will simple overwrite that record without checking the permission he that...

Joomla! cross-site scripting vulnerability (CNVD-2017-26330)

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. A cross-site scripting vulnerability exists in versions of Joomla! prior to 3.7.4. The vulnerability stems from the program's failure to adequately...

iSmartAlarm cube device input validation vulnerability

The iSmartAlarm cube devices are a smart home device from iSmartAlarm USA. A denial of service vulnerability exists in iSmartAlarm cube devices. An attacker can exploit this vulnerability to cause a denial of service device stops responding...

IBM Jazz Reporting Service Information Disclosure Vulnerability (CNVD-2017-15929)

IBM Jazz Reporting Service JRS is a suite of IBM USA applications for discovering cross-project reports that can be used in integration with IBM Rational CLM's Rational solution for managing all lifecycles of a development project. CLM users can access reports provided by JRS in dashboards,...

Microsoft Edge Security Bypass Vulnerability (CNVD-2017-12104)

Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. A security bypass vulnerability exists in Microsoft Edge. An attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized...

Microsoft Windows Information Disclosure Vulnerability (CNVD-2017-12054)

Microsoft Windows is a series of operating systems released by the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to obtain sensitive information...

Microsoft Windows Information Disclosure Vulnerability (CNVD-2017-12562)

Microsoft Windows is a series of operating systems released by the American company Microsoft. A local information disclosure vulnerability exists in Microsoft Windows. A local attacker could exploit this vulnerability to obtain sensitive information...

Microsoft Windows Local Security Bypass Vulnerability (CNVD-2017-12994)

Microsoft Windows is a series of operating systems released by the American company Microsoft. A local security bypass vulnerability exists in Microsoft Windows. A local attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations...

QEMU Denial of Service Vulnerability (CNVD-2017-08695)

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU. An attacker could exploit this vulnerability to cause a denial of service...