3 matches found
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the fileUploadHandler process. An attacker can write arbitrary files to the filesystem by supplying crafted values to the fc.Name parameter, which is not properly sanitized, allowing directory traversal. This c...
The vulnerability of the formWriteFacMac() function (/goform/WriteFacMac) in the Tenda AC15 router software allows a hacker to execute arbitrary commands.
The vulnerability of the formWriteFacMac function /goform/WriteFacMac of the Tenda AC15 router software lies in the lack of measures taken to neutralize special elements used in the OS commands when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2017-1002028
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query...