An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. Date published : 2017-12-27 http://www.ibm.com/support/docview.wss?uid=swg22011815 https://exchange.xforce.ibmcloud.com/vulnerabilities/123661
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. Date published : 2017-12-27 http://www.securityfocus.com/bid/100345 http://seclists.org/fulldisclosure/2017/Aug/17
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. Date published : 2017-12-27...
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. Date published : 2017-12-27 http://www.securityfocus.com/bid/100345 http://seclists.org/fulldisclosure/2017/Aug/17
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. Date published : 2017-12-27 http://www.securityfocus.com/bid/100345 http://seclists.org/fulldisclosure/2017/Aug/17
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. Date published : 2017-12-27 https://jvn.jp/en/jp/JVN45494523/index.html https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. Date published : 2017-12-26 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Resume%20Clone%20Script.md
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. Date published : 2017-12-26 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. Date published : 2017-12-26 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. Date published : 2017-12-26 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. Date published : 2017-12-26 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md
PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. Date published : 2017-12-26 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. Date published : 2017-12-26 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. Date published : 2017-12-26 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md