🚨 CVE-2017-9442
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.

🎖@cveNotify

🚨 CVE-2017-9443
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.

🎖@cveNotify

🚨 CVE-2017-9614
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API

🎖@cveNotify

🚨 CVE-2024-27627
A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page.

🎖@cveNotify

🚨 CVE-2024-28394
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.

🎖@cveNotify

🚨 CVE-2024-22079
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.

🎖@cveNotify

🚨 CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php.

🎖@cveNotify

🚨 CVE-2023-49981
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.

🎖@cveNotify

🚨 CVE-2024-29859
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.

🎖@cveNotify

🚨 CVE-2024-21914
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.

🎖@cveNotify

🚨 CVE-2024-29644
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.

🎖@cveNotify

🚨 CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.

🎖@cveNotify

🚨 CVE-2017-9851
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

🎖@cveNotify

🚨 CVE-2017-9852
An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

🎖@cveNotify

🚨 CVE-2017-9853
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

🎖@cveNotify

🚨 CVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

🎖@cveNotify

🚨 CVE-2017-9855
An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

🎖@cveNotify

🚨 CVE-2017-14988
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid

🎖@cveNotify

🚨 CVE-2017-15567
The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK

🎖@cveNotify

🚨 CVE-2017-15871
The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file

🎖@cveNotify

🚨 CVE-2017-14953
HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product

🎖@cveNotify