Security Vulnerabilities - CVEs Published In December 2017
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-12-19
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.
CVSS Score
7.2
EPSS Score
0.011
Published
2017-12-19
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-19
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.
CVSS Score
9.8
EPSS Score
0.388
Published
2017-12-19
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.
CVSS Score
9.8
EPSS Score
0.917
Published
2017-12-19
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.
CVSS Score
9.8
EPSS Score
0.545
Published
2017-12-19
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.
CVSS Score
9.8
EPSS Score
0.038
Published
2017-12-19
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-12-18
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
CVSS Score
8.8
EPSS Score
0.011
Published
2017-12-18
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-12-18