Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Date published : 2018-02-23 https://jvn.jp/en/jp/JVN83834277/index.html
LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published : 2018-02-23...
In version 1012 and prior of Insteon’s Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. Date published : 2018-02-22 https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/
In version 1.9.7 and prior of Insteon’s Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. Date published...
In version 6.1.0.19 and prior of Wink Labs’s Wink – Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner....
SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter. Date published : 2018-02-22 https://cxsecurity.com/issue/WLB-2017090094 https://cxsecurity.com/issue/WLB-2018020267
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. Date published : 2018-02-22 http://www.securityfocus.com/bid/103147 https://www.debian.org/security/2018/dsa-4188
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. Date published : 2018-02-22 http://www.unixodbc.org/unixODBC-2.3.5.tar.gz https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/ChangeLog/download
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor’s blog without mention...
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter. Date published : 2018-02-22 https://exploit-db.com/exploits/44165
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. Date published : 2018-02-22 https://exploit-db.com/exploits/44163 https://www.oracle.com/security-alerts/cpujan2021.html
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/. Date published : 2018-02-22 https://exploit-db.com/exploits/44159
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action. Date published : 2018-02-22 https://exploit-db.com/exploits/44164
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter. Date published : 2018-02-22 https://exploit-db.com/exploits/44161