Page 2 of 7 results (0.005 seconds)

CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2

CVE-2017-1002001 – Mobile App Builder by WapPress <= 1.05 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2017-1002001

Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. Existe una vulnerabilidad en el plugin mobile-app-builder-by-wappress v1.05 de WordPress. Este plugin incluye software CMS vulnerable sin licencia de http://www.invedion.com. Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. There are no file upload authentication or capability checks which make it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://www.exploit-db.com/exploits/41540 http://www.vapidlabs.com/advisory.php?v=180 https://wordpress.org/plugins-wp/mobile-app-builder-by-wappress • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2

CVE-2017-1002000 – How to Create an App for Android iPhone Easytouch <= 3.0 - Missing Authorization

https://notcve.org/view.php?id=CVE-2017-1002000

Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content. Existe una vulnerabilidad en el plugin mobile-friendly-app-builder-by-easytouch v3.0 en WordPress. El código en el archivo ./mobile-friendly-app-builder-by-easytouch/server/images.php no requiere autenticación o no verifica que el usuario tenga permisos para subir contenido. • https://www.exploit-db.com/exploits/41540 http://www.securityfocus.com/bid/96899 http://www.securityfocus.com/bid/96905 http://www.vapidlabs.com/advisory.php?v=179 https://wordpress.org/plugins-wp/mobile-friendly-app-builder-by-easytouch • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •