RSS   Vulnerabilities for 'Supersign cms'   RSS

2018-09-21
 
CVE-2018-17173

CWE-94
 

 
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.

 
2018-09-14
 
CVE-2018-16706

CWE-20
 

 
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

 
 
CVE-2018-16288

CWE-200
 

 
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

 
 
CVE-2018-16287

CWE-434
 

 
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.

 
 
CVE-2018-16286

CWE-287
 

 
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.

 

 >>> Vendor: LG 10 Products
Optimus g e973
Prada phone l-02d
L-03e
L-04d
L-09c
On-screen phone
Lg mobile
Nexus 5
Supersign cms
Lnd7210 firmware


Copyright 2019, cxsecurity.com

 

Back to Top