Security Vulnerabilities - CVEs Published In December 2017
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2017-12-13
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2017-12-13
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2017-12-13
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2017-12-13
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2017-12-13
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2017-12-13
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
CVSS Score: 4.9 | EPSS Score: 0.004 | Published: 2017-12-13
The tibbr web server components of tibbr Community and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2017-12-13
The tibbr user profiles components of tibbr Community and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2017-12-13
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
CVSS Score: 7.5 | EPSS Score: 0.756 | Published: 2017-12-13