CVE-2017-7078: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component…

CVE-2017-7078 [MEDIUM] CWE-319 GHSA-vxrj-g732-gg2h: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.

CVE-2017-7078 [MEDIUM] CVE-2017-7078: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-7078 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-7078 [MEDIUM] CVE-2017-7078: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-7078 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.

CVE-2017-5359 [HIGH] EasyCom For PHP 4.0.0 - Denial of Service EasyCom For PHP 4.0.0 - Denial of Service --- [+] Credits: John Page AKA Hyp3rlinX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: easycom-aura.com Product: SQL iPlug EasycomPHP_4.0029.iC8im2.exe SQL iPlug provides System i applications real-time access to heterogeneous and external databases (Oracle, SQL Server, MySQL, MS Access, Sybase, Progress) in a completely transparent manner and without requiring replication. Vulnerability Type: Denial Of Service CVE Reference: CVE-2017-5359 Security Issue: SQL iPlug listens on port 7078 by default, it suffers from denial of service when sending overly long string via HTTP requests fed to the "D$EVAL" parameter. Exploit

CVE-2016-7078 [MEDIUM] CVE-2016-7078 foreman: Information leak through organizations and locations feature CVE-2016-7078 foreman: Information leak through organizations and locations feature When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion. Upstream bug: http://projects.theforeman.org/issues/16982 Discussion: Acknowledgments: Name: the Foreman project Upstream: Daniel Lobato Garcia --- Upstream patch: https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905 References: http://seclists.org/oss-sec/2017/q1/470