{"vulnerability": "CVE-2017-12868", "sightings": [{"uuid": "8e48adda-5950-42fb-92f9-b096838627eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-12868", "type": "seen", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/4507", "content": "https://arise-portal.eu/\nLocation: France\n\nCVE-2017-12868:\nThe secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.\n\nCVE-2019-9637:\nAn issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.\n\nCVE-2018-19520:\nAn issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.\n\nCVE-2016-5773:\nphp_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.\n\nBunch of other vul....", "creation_timestamp": "2024-08-25T08:42:29.000000Z"}, {"uuid": "418b2dcf-6bfc-4023-9af2-b7c3586e0335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-12868", "type": "seen", "source": "Telegram/BCpPBhLrKDo8iMPvx3AwjUXyHU4dOqMbMmn4fTKrKNg1isQ", "content": "", "creation_timestamp": "2024-08-25T11:49:59.000000Z"}]}