| 249811 | 5.9 | MEDIUM | Network | dollar_bank | dollar_bank_mobile | The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted … | CWE-295 Improper Certificate Validation | CVE-2017-5905 | 2024-11-21 12:28 | 2017-05-5 |
| 249812 | 5.9 | MEDIUM | Network | payquicker | mypayquicker | The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific… | CWE-295 Improper Certificate Validation | CVE-2017-5902 | 2024-11-21 12:28 | 2017-05-5 |
| 249813 | 5.9 | MEDIUM | Network | state_bank_of_india | state_bank_anywhere | The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive infor… | CWE-295 Improper Certificate Validation | CVE-2017-5901 | 2024-11-21 12:28 | 2017-05-5 |
| 249814 | 6.1 | MEDIUM | Network | kmc_information_systems | caseaware | An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | CWE-79 Cross-site Scripting | CVE-2017-5631 | 2024-11-21 12:28 | 2017-05-1 |
| 249815 | 8.8 | HIGH | Network | we-con | levi_studio_hmi_editor | A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-6037 | 2024-11-21 12:28 | 2017-04-27 |
| 249816 | 8.8 | HIGH | Network | we-con | levi_studio_hmi_editor | A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-6035 | 2024-11-21 12:28 | 2017-04-27 |
| 249817 | 7.5 | HIGH | Network | hyundaiusa | blue_link | A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user informat… | CWE-798 Use of Hard-coded Credentials | CVE-2017-6054 | 2024-11-21 12:28 | 2017-04-26 |
| 249818 | 3.7 | LOW | Adjacent | hyundaiusa | blue_link | A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence… | NVD-CWE-noinfo | CVE-2017-6052 | 2024-11-21 12:28 | 2017-04-26 |
| 249819 | 4.6 | MEDIUM | Physical | oneplus | oxygenos | In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by … | CWE-476 NULL Pointer Dereference | CVE-2017-5625 | 2024-11-21 12:28 | 2017-04-26 |
| 249820 | 7.5 | HIGH | Network | apache | cxf | Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an … | CWE-384 Session Fixation | CVE-2017-5656 | 2024-11-21 12:28 | 2017-04-19 |