376 matches found
UBUNTU-CVE-2022-37425
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion...
CVE-2022-37425
CVE-2022-37425 affects OpenNebula core on Linux, due to improper neutralization of special elements used in a command, allowing Remote Code Inclusion. The vulnerability is rated CRITICAL (CVSS v3.1, high impact on C/I/A). A mitigation in the public record is the OpenNebula 6.4.2 LTS maintenance r...
PT-2022-23990 · Unknown · Opennebula
Name of the Vulnerable Software and Affected Versions: OpenNebula (affected versions not specified). Description: The issue is related to an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in OpenNebula core on Linux, allowing Remote Code Inclusion...
Is Your Browser Extension a Botnet Backdoor?
A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development,...
Driver Disk for Intel i40e 2.0.23 - For XenServer 7.x CR
Who Should Install this Driver Disk? Customers running a Citrix XenServer 7.x Current Release who use Intel's i40e driver and wish to use the latest version of the following: Driver Module: i40e, Version: 2.0.23. Issues Resolved In this Driver Disk: Includes general enhancements and bug fixe...
CVE-2020-26583
An issue was discovered in Sage DPW 202006x before 202006002. It allows unauthenticated users to upload JavaScript in a file via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include...
CVE-2020-8803
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...
BST (Binary String Toolkit) - Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs
The Binary String Toolkit, or BST for short, is a rather simple utility to convert binary strings to various formats suitable for later inclusion in source code, such as that used to develop exploits in the security field. Features: Dump files content to standard output in a binary string format...
FreeBSD : phpmyadmin -- remote code inclusion and XSS scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)
The phpMyAdmin development team reports: Summary: XSS in Designer feature. Description: A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially crafted database name. Severity: We consider this attack to be of...
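ShopXP admin/pinglun.asp SQL Injection Vulnerability
http://bbs.anquan.org/forum.php?mod=viewthread&tid=22021&page=1pid55222 The vulnerability is in the /admin/pinglun.asp file (user comments). First, note that it includes the xp.asp file, whose purpose is to obtain the database connection object. Returning to the /admin/pinglun.asp file: pinglunid=request.QuerySt...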
WP Super Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution
The WP Super Cache Plugin for WordPress installed on the remote host is affected by a remote PHP code execution vulnerability due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can submit a comment to a WordPress blog containing arbitrary PHP code. The...
webEdition CMS - Local File Inclusion
webEdition CMS DOCUMENTROOT Local File Inclusion vulnerability. Software: webEdition CMS 6.1.0.2 Vendor: http://www.webedition.org Vuln Type: Local File Inclusion...
Nucleus 3.61 - Multiple Remote File Inclusions
Nucleus v3.61 Multiple Remote File Include. By n0n0x. Homepage: http://priasantai.uni.cc/ Download script: http://sourceforge.net/projects/nucleuscms/ nucleus3.61/action.php?DIRLIBS=y0ur g4y...
Coppermine Photo Gallery GLOBALS[USER][lang] Parameter Local File Inclusion
The version of Coppermine Photo Gallery installed on the remote host fails to filter user-supplied input to the 'GLOBALS[USER][lang]' parameter of the 'index.php' script before using it to include PHP code in 'includes/init.inc.php'. Provided PHP's 'register_globals' setting is enabled, an...
nitrotech-rfisql.txt
Name: Nitrotech 0.0.3a Multiple Remote Vulnerabilities Download: http://sourceforge.net/project/downloading.php?groupname=nitrotech&filename=nitrotech003a.zip&usemirror=garr Author: Osirys, thanks to x0r Contact: [email protected] Nitrotech cms is vulnerable to multiple vulnerabilities, like remote...
CVE-2007-5566
Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the blog_localpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in function...
LS simple guestbook (v1) Remote Code Execution Vulnerability
No description provided by source. Special Greetings To: Timq, Warpboy, The-Maggot. File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: LS simple guestbook fails to sanitize user input...
MapLab MS4W 2.2.1 - Remote File Inclusion
Bug Found By ka0x D.O.M TEAM we are: anonyph;arp;ka0x;xarnuz Contact: [email protected] FROM SPAIN --- Script: MapLab Version: 2.2.1 Official Site: http://www.maptools.org Download: http://www.maptools.org/dl/ms4w/maplabms4w-2.2.1.zip -- Bug File: params.php Path: /htdocs/gmapfactory/params.php Bu...
CVE-2007-1636
CVE-2007-1636 affects RoseOnlineCMS 3 B1 and is described as a directory traversal vulnerability in index.php. The vulnerability allows remote attackers to include arbitrary files by using a .. sequence in the op parameter, with demonstrated impact involving injection of PHP code into Apache log ...
Messagerie Locale - 'centre.php' Remote File Inclusion
Messagerie Locale = centre.php $page Remote File Inclusion Exploit. Softname : Messagerie Locale Url :...