Pivotal Spring-LDAP Authentication Bypass Vulnerability
Pivotal Spring-LDAP is a library from the U.S. company Pivotal Software, Inc. that simplifies LDAP programming in Java. An authentication bypass vulnerability exists in Pivotal Spring-LDAP versions 1.3.0 through 2.3.1. A remote attacker can exploit this vulnerability to bypass the authentication mechanism and...
GSI WiNPAT Portal SQL Injection Vulnerability
GSI WiNPAT Portal is a Web-based industry solution for managing intellectual property from GSI Office Management in Germany. A SQL injection vulnerability exists in the login form in GSI WiNPAT Portal versions 3.2.0.1001 through 3.6.1.0. A remote attacker could exploit this vulnerability to execu...
04_nodeblog (=1.0.0), 0latency (=0.0.0) +15243 more potentially affected by CVE-2015-8857 via uglify-js (>=0.0.1 <=2.4.23)
uglify-js NPM version =0.0.1, =0.3.0, =0.0.1, =1.0.2, =1.0.1, =1.0.0, =0.0.1, =0.1.1, =0.1.2 and more Source cves: CVE-2015-8857 Source advisory: OSV:GHSA-34R7-Q49F-H37C...
CVE-2017-10197
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Folios). The supported version that is affected is 5.4.2.x through 5.5.1.x. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality OPERA 5...
Oracle Hospitality OPERA 5 Property Services Unauthorized Access Vulnerability
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resource cost management, tracking and management of services throughout a customer's journey to improve customer...
mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
pulp-consumer-client design flaws
pulp-consumer-client is a client for the Pulp platform codebase from the Pulp team. A design vulnerability exists in pulp-consumer-client versions 2.4.0 through 2.6.3, which stems from the program's failure to verify the server's TLS certificate signature. An attacker can exploit the vulnerabilit...
Haxx libcurl Denial of Service Vulnerability
Haxx libcurl is a free, open source client-side URL transfer library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and other protocols. A security vulnerability exists in Haxx libcurl versions 7.7 through 7.55.1. An attacker can exploit this vulnerability to cause a denial of...
CVE-2017-11498
Buffer overflow in hasplms in Gemalto ACC Admin Control Center, all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack ZIP file with invalid HTML files...
CVE-2017-14351
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution...
Horde_Image Remote Code Execution Vulnerability
Horde_Image is an image editing package from Horde USA, which can provide color highlighting, image effect editing and other functions. A remote code execution vulnerability exists in Horde_Image versions 2.0.0 through 2.5.1. A remote attacker could exploit this vulnerability to execute code...
Apache Solr Kerberos Plugin Remote Elevation of Privilege Vulnerability
Apache Solr is a search server from the U.S. Apache Software Foundation, based on the Lucene full-text search engine architecture, which supports faceted search, vertical search, highlighting of search results, a variety of output formats, etc. Kerberos plugin is one of the netwo...
UBUNTU-CVE-2017-0752
An elevation of privilege vulnerability in the Android framework windowmanager. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835...
GoAhead Denial of Service Vulnerability
GoAhead is a small embedded web server from the U.S. company Embedthis that can be embedded in a variety of devices and applications. A denial of service vulnerability exists in the 'websDecodeUrl' function of the http.c file in GoAhead versions 3.4.0 through 3.6.5. An attacker can exploit...
SimpleSAMLphp Information Disclosure Vulnerability
SimpleSAMLphp is a PHP authentication application that implements the SAML 2.0 service provider and identity provider functionality. An information disclosure vulnerability exists in SimpleSAMLphp versions 1.7.0 through 1.14.10, which can be exploited by attackers to obtain sensitive information...
PT-2017-12602 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.80 Description: The issue allows bypassing security constraints and/or viewing the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. This is possible...
Intercom MaLion for Windows and Mac Hard-Coded Encryption Key Vulnerability
Intercom MaLion for Windows and MaLion for Mac are both products of Intercom Japan. Intercom MaLion for Windows is an IT asset management solution based on the Windows platform. MaLion for Mac is a version based on the Mac platform. A security vulnerability exists in Intercom MaLion versions 3.2....
Intercom MaLion for Windows and Mac Authentication Bypass Vulnerability
Intercom MaLion for Windows and MaLion for Mac are both products of Intercom Japan. Intercom MaLion for Windows is an IT asset management solution based on the Windows platform. MaLion for Mac is a version based on the Mac platform. A security vulnerability exists in Intercom MaLion versions 5.0....
Zoho ManageEngine OpManager Encryption Algorithm Vulnerability
Zoho ManageEngine OpManager is a suite of network, server and virtualization monitoring software from Zoho. A security vulnerability exists in Zoho ManageEngine OpManager versions 11 through 12.2. An attacker can exploit the vulnerability to decode certificates...
VICIdial user_authorization command execution vulnerability
VICIdial is a fairly complete call center software package, based on the Asterisk open source PBX system, for handling large numbers of inbound and outbound calls; it was initially funded by Digium for research and development and is maintained by the open source community in order to extend the Asterisk application...