| Max CVSS | 9.0 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-8947 | 5.0 |
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
|
03-10-2019 - 00:03 | 25-03-2018 - 16:29 | |
| CVE-2017-16666 | 9.0 |
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
|
03-10-2019 - 00:03 | 05-01-2018 - 16:29 | |
| CVE-2017-17097 | 5.0 |
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easie
|
18-01-2018 - 23:25 | 02-01-2018 - 15:29 | |
| CVE-2017-17098 | 7.5 |
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php
|
18-01-2018 - 15:58 | 02-01-2018 - 15:29 | |
| CVE-2007-4647 | 5.0 |
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
|
29-09-2017 - 01:29 | 31-08-2007 - 23:17 |