CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.
Source: CVE-2017-15877
[월:] 2017년 12월
CVE-2017-15876
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.
Source: CVE-2017-15876
CVE-2017-15524
CVE-2017-15524
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.
Source: CVE-2017-15524
CVE-2017-15875
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.
Source: CVE-2017-15875
CVE-2017-11562
CVE-2017-11562
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.
Source: CVE-2017-11562
CVE-2017-17105
CVE-2017-17105
Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.
Source: CVE-2017-17105
CVE-2017-17106
CVE-2017-17106
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.
Source: CVE-2017-17106
CVE-2017-17107
CVE-2017-17107
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system’s setup renders this password unchangeable and it can be used to access the device via a TELNET session.
Source: CVE-2017-17107
CVE-2017-16949
CVE-2017-16949
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.
Source: CVE-2017-16949
CVE-2017-15700
CVE-2017-15700
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
Source: CVE-2017-15700