21 matches found
EUVD-2017-7299
Malware in sbrugna...
EUVD-2017-7298
Malware in sbrugna...
EUVD-2017-7297
Malware in sbrugna...
GPWeb Password Recovery SQL Injection Vulnerability
GPWeb is a suite of public administration software for the Brazilian government sector, and Password Recovery is one of its password recovery tools. A SQL injection vulnerability exists in GPWeb version 8.4.61 of Password Recovery. The vulnerability can be exploited by a remote attacker to execut...
GPWeb Arbitrary File Upload Vulnerability
GPWeb is a suite of public management software dedicated to the Brazilian government sector. An arbitrary file upload vulnerability exists in GPWeb version 8.4.61. A remote attacker can exploit this vulnerability to upload arbitrary file types including: PHP shells...
GPWeb Information Disclosure Vulnerability
GPWeb is a suite of public management software dedicated to the Brazilian government sector. An information disclosure vulnerability exists in the db.php file in GPWeb version 8.4.61. A remote attacker could exploit this vulnerability to view passwords and user databases...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
Sql injection
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
Design/Logic Flaw
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
Unrestricted file upload
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
CVE-2017-15877
The CVE-2017-15877 entry concerns GPWeb 8.4.61, where an Insecure Permissions issue in db.php allows remote attackers to view password and user databases. This is supported by multiple connected records (NVD entry and CNVD/PRION/CVELIST variants) referencing GPWeb 8.4.61 and information disclosur...
CVE-2017-15876
GPWeb 8.4.61 is affected by an Unrestricted File Upload vulnerability allowing remote authenticated users to upload arbitrary files, including PHP shells. Multiple sources (NVD/CNVD/PRION/CVELIST) confirm the flaw exists in GPWeb 8.4.61 and enable uploading of unauthenticated? No—explicitly state...