13 matches found
CVE-2025-28998
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in serpednet SERPed.net serped-net allows PHP Local File Inclusion.This issue affects SERPed.net: from n/a through = 4.6...
CVE-2025-28998 WordPress SERPed.net plugin <= 4.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in serpednet SERPed.net allows PHP Local File Inclusion. This issue affects SERPed.net: from n/a through 4.6...
CVE-2025-28998
CVE-2025-28998 concerns a Local File Inclusion (LFI) in the WordPress SERPed.net plugin versions
CVE-2025-28998 WordPress SERPed.net plugin <= 4.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in serpednet SERPed.net serped-net allows PHP Local File Inclusion.This issue affects SERPed.net: from n/a through = 4.6...
CVE-2022-28998
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code...
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...
CVE-2021-28998
CMS Made Simple is affected by a file upload vulnerability up to version 2.2.15 that allows remote authenticated attackers to gain a webshell via a crafted phar file. The issue is a file upload flaw in the CMSMS component/functionality (no explicit code path provided here beyond the phar-based up...
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...
CVE-2023-28998
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new...
CVE-2023-28998
The CVE-2023-28998 entry concerns the Nextcloud Desktop Client. Versions from 3.0.0 up to, but not including, 3.6.5 are vulnerable: a malicious server administrator can gain full access to an end-to-end encrypted folder, decrypt files, recover the folder structure, and add new files. Affected sof...
CVE-2023-28998 Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new...
CVE-2022-28998
CVE-2022-28998 affects Xlight FTP v3.9.3.2 and is caused by a stack-based buffer overflow that enables an attacker to disclose sensitive information via crafted code. Multiple connected records corroborate this vulnerability detail (buffer overflow in Xlight FTP v3.9.3.2). Exploitation status, sp...
CVE-2020-28998
Geeni GNC-CW013 doorbell (firmware 1.8.1) is affected by CVE-2020-28998 due to a Telnet service vulnerability in which a system account uses a default/static password, enabling remote full control by an unauthenticated attacker. The issue is confirmed across multiple sources; the core root cause ...