Category Archives: CVE


Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submis

CVE-2017-1002153 : Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submis

CVEdetails.com the ultimate security vulnerability data source

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

Publish Date : 2017-10-06 Last Update Date : 2017-10-06


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002153

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization

CVE-2017-1002151 : Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization


Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002151

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection

CVE-2017-1002150 : python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection


python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) CSRF
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002150

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0

CVE-2017-1002100 : Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0


Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to “container” which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002100

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transfo

CVE-2017-1002028 : Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transfo


Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Sql Injection
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002028

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn’t sanitized before being

CVE-2017-1002027 : Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn’t sanitized before being


Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn’t sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002027

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize u

CVE-2017-1002026 : Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize u


Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002026

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize us

CVE-2017-1002025 : Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize us


Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user-supplied input via $act before passing it into an SQL statement.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002025

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication befor

CVE-2017-1002024 : Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication befor


Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allowing users to upload files.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002024

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.



Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQ

CVE-2017-1002023 : Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQ


Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002023

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.

