LG SuperSign CMS Remote Code Execution Vulnerability

LG SuperSign CMS is a content management system for LG webOS from the Luckin LG Group in Korea. The system supports connection to external databases and allows access to the server from mobile devices. A remote code execution vulnerability exists in LG SuperSign CMS, which can be exploited by...

CVE-2018-17173

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail...

CVE-2018-17173

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail...

CVE-2018-17173

CVE-2018-17173 affects LG SuperSign EZ CMS (2.5 era) and allows unauthenticated remote code execution via the sourceUri parameter to qsr_server/device/getThumbnail. Exploitation can lead to arbitrary command execution and complete server compromise. Remediation: upgrade to a patched LG SuperSign ...

CVE-2018-17173

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail...

Wordpress Pingback SourceURI拒绝服务和信息泄露漏洞

Wordpress是一款基于WEB的网络日记应用程序。 Wordpress包含的XMLRPC和Pingback存在多个问题，远程攻击者可以利用漏洞进行拒绝服务攻击或者获得敏感信息。 Wordpress处理Pingback机制存在问题，发送恶意请求可导致拒绝服务攻击。 另外由于在传递给wpremotefopen函数时对sourceURI参数缺少过滤，可导致指定非HTTP资源来读取类似本地文件或者FTP源的信息。特定情况下，恶意用户可判断部分文件是否存在在系统中。 WordPress Wordpress B2 0.6.2 .1 WordPress Wordpress B2 0.6.2...

WordPress 1.x2.0.x - Pingback SourceURI Denial of Service Information Disclosure

WordPress 1.x2.0.x - Pingback SourceURI Denial of Service Information Disclosure source: https://www.securityfocus.com/bid/22220/info WordPress is prone to a denial-of-service vulnerability and an information-disclosure vulnerability. Attackers can exploit these issues to consume memory and...