CVE-2014-10074
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
Source: CVE-2014-10074
[월:] 2018년 08월
CVE-2015-9263
CVE-2015-9263
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
Source: CVE-2015-9263
CVE-2018-15893
CVE-2018-15893
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
Source: CVE-2018-15893
CVE-2015-9264
CVE-2015-9264
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator’s workstation via a crafted Windows service.
Source: CVE-2015-9264
CVE-2018-15899
CVE-2018-15899
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.
Source: CVE-2018-15899
CVE-2018-15602
CVE-2018-15602
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
Source: CVE-2018-15602
CVE-2018-15889
CVE-2018-15889
In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Source: CVE-2018-15889
CVE-2018-15888
CVE-2018-15888
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.
Source: CVE-2018-15888
CVE-2017-18345
CVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.
Source: CVE-2017-18345
CVE-2018-15885
CVE-2018-15885
Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product’s capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques.
Source: CVE-2018-15885