21 matches found
EUVD-2017-7297
Malware in sbrugna...
EUVD-2017-7299
Malware in sbrugna...
EUVD-2017-7298
Malware in sbrugna...
GPWeb Arbitrary File Upload Vulnerability
GPWeb is a suite of public management software dedicated to the Brazilian government sector. An arbitrary file upload vulnerability exists in GPWeb version 8.4.61. A remote attacker can exploit this vulnerability to upload arbitrary file types including: PHP shells...
GPWeb Password Recovery SQL Injection Vulnerability
GPWeb is a suite of public administration software for the Brazilian government sector, and Password Recovery is one of its password recovery tools. A SQL injection vulnerability exists in GPWeb version 8.4.61 of Password Recovery. The vulnerability can be exploited by a remote attacker to execut...
GPWeb Information Disclosure Vulnerability
GPWeb is a suite of public management software dedicated to the Brazilian government sector. An information disclosure vulnerability exists in the db.php file in GPWeb version 8.4.61. A remote attacker could exploit this vulnerability to view passwords and user databases...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
Unrestricted file upload
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
Sql injection
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
Design/Logic Flaw
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15875
CVE-2017-15875 documents a SQL injection vulnerability in GPWeb Password Recovery, version 8.4.61. The vulnerability allows remote attackers to execute arbitrary SQL commands via the checkemail parameter. Connected sources confirm the affected product/version and the injection vector, but do not ...
CVE-2017-15876
GPWeb 8.4.61 is affected by an Unrestricted File Upload vulnerability allowing remote authenticated users to upload arbitrary files, including PHP shells. Multiple sources (NVD/CNVD/PRION/CVELIST) confirm the flaw exists in GPWeb 8.4.61 and enable uploading of unauthenticated? No—explicitly state...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...