Security Vulnerabilities - CVEs Published In February 2018
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.
CVSS Score
8.1
EPSS Score
0.0
Published
2018-02-02
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
CVSS Score
9.1
EPSS Score
0.727
Published
2018-02-02
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-02
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-02-02
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-02-02
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-02-02
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-02-02
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-02-02
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-02-02
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
CVSS Score
9.8
EPSS Score
0.241
Published
2018-02-02