21 matches found
EUVD-2017-7299
Malware in sbrugna...
EUVD-2017-7298
Malware in sbrugna...
EUVD-2017-7297
Malware in sbrugna...
GPWeb Information Disclosure Vulnerability
GPWeb is a suite of public management software dedicated to the Brazilian government sector. An information disclosure vulnerability exists in the db.php file in GPWeb version 8.4.61. A remote attacker could exploit this vulnerability to view passwords and user databases...
GPWeb Password Recovery SQL Injection Vulnerability
GPWeb is a suite of public administration software for the Brazilian government sector, and Password Recovery is one of its password recovery tools. A SQL injection vulnerability exists in GPWeb version 8.4.61 of Password Recovery. The vulnerability can be exploited by a remote attacker to execut...
GPWeb Arbitrary File Upload Vulnerability
GPWeb is a suite of public management software dedicated to the Brazilian government sector. An arbitrary file upload vulnerability exists in GPWeb version 8.4.61. A remote attacker can exploit this vulnerability to upload arbitrary file types including: PHP shells...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
Design/Logic Flaw
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...
Sql injection
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
Unrestricted file upload
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15877
The CVE-2017-15877 entry concerns GPWeb 8.4.61, where an Insecure Permissions issue in db.php allows remote attackers to view password and user databases. This is supported by multiple connected records (NVD entry and CNVD/PRION/CVELIST variants) referencing GPWeb 8.4.61 and information disclosur...
CVE-2017-15876
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell...
CVE-2017-15875
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter...
CVE-2017-15875
CVE-2017-15875 documents a SQL injection vulnerability in GPWeb Password Recovery, version 8.4.61. The vulnerability allows remote attackers to execute arbitrary SQL commands via the checkemail parameter. Connected sources confirm the affected product/version and the injection vector, but do not ...
CVE-2017-15877
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database...