2 matches found
CVE-2015-9177
CVE-2015-9177 describes a buffer over-read in a crypto API function on Android devices using Qualcomm Snapdragon (broad range of Automotive/Mobile/Wearable SD family) prior to the 2018-04-05 patch level. The issue is rated high/critical, with CVSSv3.0 vectors indicating network access, no user in...
Csv2WPeC Coupon <= 1.1 - Unauthenticated Remote File Upload
The code in csv2wpecCouponFileUpload.php does not properly sanitize user input, it checks the file mime-type for type x-php but this can be tricked when using the short code for "; $uploadfile="/var/www/s.pht"; $ch =...