CVE-2014-8676
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
Source: CVE-2014-8676
CVE-2014-8675
SOPlanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner’s password via a brute-force attack on the embedded password hash.
Source: CVE-2014-8675
CVE-2015-7711
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.
Source: CVE-2015-7711
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
Source: CVE-2015-7700
CVE-2015-5958
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
Source: CVE-2015-5958
CVE-2017-7855 (server)
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
Source: CVE-2017-7855 (server)
CVE-2016-5795
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.
Source: CVE-2016-5795
CVE-2017-7855
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
Source: CVE-2017-7855
CVE-2016-10509 (opencart)
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
Source: CVE-2016-10509 (opencart)
CVE-2016-10508 (phpthumb)
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
Source: CVE-2016-10508 (phpthumb)