CVE-2017-1002003 – Wp2android <= 1.1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2017-1002003
A vulnerability exists in the WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. The Wp2android plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/server/images.php file in versions up to, and including, 1.1.4. This, combined with the ability to directly access the file, makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
• https://www.exploit-db.com/exploits/41540
• http://www.securityfocus.com/bid/96908
• http://www.vapidlabs.com/advisory.php?v=182
• https://wordpress.org/plugins-wp/wp2android-turn-wp-site-into-android-app
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2014-7111
https://notcve.org/view.php?id=CVE-2014-7111
The Android Excellence (aka an.exc.ap) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• http://www.kb.cert.org/vuls/id/582497
• http://www.kb.cert.org/vuls/id/601857
• https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
• CWE-310: Cryptographic Issues
CVE-2014-5770
https://notcve.org/view.php?id=CVE-2014-5770
The Web Browser for Android (aka explore.web.browser) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• http://www.kb.cert.org/vuls/id/582497
• http://www.kb.cert.org/vuls/id/718105
• https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
• CWE-310: Cryptographic Issues
CVE-2014-1969
https://notcve.org/view.php?id=CVE-2014-1969
Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename.
• http://jvn.jp/en/jp/JVN47386847/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2014-000035
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-4771
https://notcve.org/view.php?id=CVE-2011-4771
The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application.
• http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4771-vulnerability-in-ScanToPDF.html
• CWE-264: Permissions, Privileges, and Access Controls