Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2017-2104 | Information Exposure vulnerability in K-Opticom Corporation Business Lala Call 1.4.7 The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
| 2017-04-28 | CVE-2017-2103 | Information Exposure vulnerability in K-Opticom Corporation Lala Call 2.4.7 The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
| 2017-04-28 | CVE-2017-2102 | Cross-Site Request Forgery (CSRF) vulnerability in IPA Appgoat 3.0.0 Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2017-04-28 | CVE-2017-2101 | Improper Authentication vulnerability in IPA Appgoat 3.0.0 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. | 7.3 |
| 2017-04-28 | CVE-2017-2100 | Improper Input Validation vulnerability in IPA Appgoat 3.0.0/3.0.1 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | 6.3 |
| 2017-04-28 | CVE-2017-2099 | Unspecified vulnerability in IPA Appgoat 3.0.0 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. | 6.3 |
| 2017-04-28 | CVE-2017-2098 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 6.5 |
| 2017-04-28 | CVE-2017-2097 | Cross-Site Request Forgery (CSRF) vulnerability in Support-Project Knowledge Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2017-04-28 | CVE-2017-2096 | OS Command Injection vulnerability in Smalruby Smalruby-Editor smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2017-04-28 | CVE-2017-2095 | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | 4.3 |