CVE-2017-17730
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. Date published : 2017-12-18 http://0day5.com/archives/1542/
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. Date published : 2017-12-18 https://www.seebug.org/vuldb/ssvid-20050
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. Date published : 2017-12-18 https://www.exploit-db.com/exploits/43379/ https://0day.today/exploit/29277
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. Date published : 2017-12-18 https://www.exploit-db.com/exploits/43334/ https://packetstormsecurity.com/files/145439/Paid-To-Read-Script-2.0.5-SQL-Injection.html
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. Date published : 2017-12-18 https://www.exploit-db.com/exploits/43333/ https://packetstormsecurity.com/files/145438/Readymade-Video-Sharing-Script-3.2-HTML-Injection.html
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. Date published : 2017-12-18 https://www.exploit-db.com/exploits/43336/ https://packetstormsecurity.com/files/145445/Bus-Booking-Script-1.0-SQL-Injection.html
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. Date published : 2017-12-18 https://www.exploit-db.com/exploits/43335/ https://packetstormsecurity.com/files/145444/FS-Lynda-Clone-1.0-SQL-Injection.html
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system’s setup renders this password unchangeable and it can be used to access the device via a...
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to...
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)...
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size,...
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. Date published : 2017-12-18 https://www.augustopereira.com.br/blog/seguranca-gpweb-8-4-61-multiplas-falhas-sqli-manipulacao-de-privilegios-uploads-sem-restricoes-exposicao-de-informacao-sensivel
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. Date published : 2017-12-18 https://www.augustopereira.com.br/blog/seguranca-gpweb-8-4-61-multiplas-falhas-sqli-manipulacao-de-privilegios-uploads-sem-restricoes-exposicao-de-informacao-sensivel
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. Date published : 2017-12-18 https://www.augustopereira.com.br/blog/seguranca-gpweb-8-4-61-multiplas-falhas-sqli-manipulacao-de-privilegios-uploads-sem-restricoes-exposicao-de-informacao-sensivel