CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6692
https://notcve.org/view.php?id=CVE-2014-6692
The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Kingsoft Clip (Office Tool) 1.5.1 (también conocida como cn.wps.clip) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/453929 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 18%CPEs: 1EXPL: 0CVE-2005-2290
https://notcve.org/view.php?id=CVE-2005-2290
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. wps_shop.cgi en WPS Web Portal System 0.7.0 permite que atacantes remotos ejecuten ordenes web de su elección mediante metacaracteres de 'shell' en la variable (1) "art" a (2) "cat". • http://marc.info/?l=bugtraq&m=112128870110418&w=2 http://secunia.com/advisories/15780 http://securitytracker.com/id?1014480 http://www.securityfocus.com/bid/14245 •