17 matches found
EUVD-2001-0471
Malware in sbrugna...
EUVD-2018-1902
Malware in sbrugna...
EUVD-2009-4223
Malware in sbrugna...
EUVD-2002-1413
Malware in sbrugna...
EUVD-2022-42601
Malicious code in bioql PyPI...
CVE-2021-4457 ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...
CVE-2024-25846
In the module "Product Catalog CSV, Excel Import" simpleimportproduct = 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php...
CVE-2020-18917
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...
CVE-2014-8939
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information full path via an include/smarty/plugins/modifier.dateformat.php request if PHP has a non-recommended configuration that produces warning messages...
CVE-2013-5931
SQL injection vulnerability in propertylistingsdetail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter...
Sensitive Information Disclosure
zendframework/zend-developer-tools is vulnerable to Sensitive Information Disclosure. The vulnerability is due to a change made during the update to support PHP 7.3 that potentially prevents toolbar entries, which are enabled by default, from being disabled. The attacker can exploit this by...
DedeCMSV6 suffers from information leakage vulnerability
DedeCMSV6 is based on PHP 7.x development, is scalable and fully open source. An information disclosure vulnerability exists in DedeCMSV6. An attacker can exploit the vulnerability to obtain sensitive information...
Moodle Lesson Module Cross-Site Scripting Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Lesson is one of the modules for selecting courses online. A security vulnerability exists in the access.php script in the Lesson modul...
CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID)
The remote host is running the CodeThat.com ShoppingCart, a shopping cart program written in PHP. The remote version of this software fails to sanitize input to the 'id' parameter of the 'catalog.php' script before using it in a database query. An unauthenticated, remote attacker could leverage...
CVE-2004-1581
BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to 1 checkdb.inc.php, 2 admin.inc.php or 3 cp.inc.php, which reveals the path in a PHP error message...
MediaWiki 1.3.x - Arbitrary Script Upload
MediaWiki 1.3.x - Arbitrary Script Upload source: https://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied...
Multiple Vulnerabilities in Silent Storm Portal
CHT Security Research-2004 http://www.CyberSpy.Org Turkey Software: Silent Storm Portal Web Site: http://www.silent-storm.co.uk/ssp/ Affected Versions: 2.1,2.2 Description: Silent Storm Portal is a PHP based portal system.It requires PHP4 or above.no MySQL needed. Multiple Vulnerabilities in Sile...