Lucene search

10502 matches found

Cvelist
added 2018/01/04 5:0 p.m. | 17 views

CVE-2017-1699

IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391...

AI score: 3.6 | EPSS: 0.00251
Exploits: 0 | References: 2

CNVD
added 2017/12/21 12:0 a.m. | 2 views

Ecava IntegraXor SQL Injection Vulnerability (CNVD-2017-37693)

Ecava IntegraXor is a toolset for creating and running human-machine interfaces for Web-based SCADA systems. Ecava IntegraXor suffers from a SQL injection vulnerability that can be exploited by an attacker to compromise an application, access or modify data, or exploit a potential vulnerability i...

CVSS: 5.3 | AI score: 8 | EPSS: 0.01017
Exploits: 0 | References: 1

Prion
added 2017/12/12 8:29 p.m. | 18 views

Code injection

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

CVSS: 3.3 | AI score: 6.3 | EPSS: 0.00285
Exploits: 0 | References: 5

Cvelist
added 2017/12/12 8:0 p.m. | 35 views

CVE-2017-12155

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

AI score: 6.1 | EPSS: 0.00285
Exploits: 0 | References: 5

RedHat Linux
added 2017/12/12 1:32 p.m. | 0 views

mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.01571
Exploits: 0 | References: 5

OSV
added 2017/12/11 9:29 p.m. | 3 views

CVE-2017-1606

IBM Financial Transaction Manager FTM for Multi-Platform MP 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:...

CVSS: 8.8 | AI score: 5.9
Exploits: 0 | References: 3

Japan Vulnerability Notes
added 2017/11/30 6:50 a.m. | 3 views

Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection

Overview: A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain a SQL injection (CWE-89) vulnerability due to an issue in processing cookie values. Yuuta Watanabe...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.01269
Exploits: 0 | References: 8

NVD
added 2017/11/22 7:29 p.m. | 16 views

CVE-2017-2726

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify...

CVSS: 9.3 | AI score: 8.7 | EPSS: 0.01351
Exploits: 0 | References: 2

Prion
added 2017/11/22 7:29 p.m. | 15 views

Buffer overflow

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify...

CVSS: 9.3 | AI score: 8.3 | EPSS: 0.01255
Exploits: 0 | References: 2 | Affected Software: 2

Prion
added 2017/11/22 7:29 p.m. | 18 views

Buffer overflow

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.01351
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2017/11/22 7:0 p.m. | 21 views

CVE-2017-2725

Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify...

AI score: 8.3 | EPSS: 0.01255
Exploits: 0 | References: 2

CNVD
added 2017/11/16 12:0 a.m. | 1 views

Logic Design Vulnerability in EasyCMS Frontend

EasyCMS is a lightweight, scalable open source content management program, following the Apache2 open source agreement. A logical design vulnerability exists in the frontend of EasyCMS. Attackers can log into the user center and modify other people's mailboxes and data by intercepting and modifying...

AI score: 6.9
Exploits: 0

Prion
added 2017/11/15 3:29 a.m. | 23 views

Privilege escalation

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view,...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.06462
Exploits: 0 | References: 3 | Affected Software: 3

Prion
added 2017/11/14 11:29 p.m. | 13 views

Design/Logic Flaw

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware subcomponent: Core. Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.02142
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/11/14 11:29 p.m. | 1 views

CVE-2017-10278

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware subcomponent: Security. Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo...

CVSS: 7 | AI score: 5.8 | EPSS: 0.02142
Exploits: 0 | References: 2

CNVD
added 2017/11/04 12:0 a.m. | 1 views

Vulnerability in the Employment Service Management System of Beijing Rongzhi Chuangxiang Information Technology Co.

The Employment Service Management System is an information interaction system for students, companies, faculty counselors, the Career Center, and their employers. An unauthorized access vulnerability exists in the Employment Service Management System of Beijing Rongzhi Chuangxiang Information...

AI score: 6.7
Exploits: 0

Prion
added 2017/11/01 1:29 p.m. | 13 views

Cross site request forgery (csrf)

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

CVSS: 6.8 | AI score: 8.6 | EPSS: 0.00832
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/11/01 1:29 p.m. | 0 views

CVE-2017-1000244

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00832
Exploits: 0 | References: 2

NVD
added 2017/11/01 1:29 p.m. | 19 views

CVE-2017-1000244

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00832
Exploits: 0 | References: 2

Cvelist
added 2017/11/01 1:0 p.m. | 22 views

CVE-2017-1000244

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

AI score: 8.7 | EPSS: 0.00832
Exploits: 0 | References: 2