CVE-2024-6117
An Unrestricted upload of file with dangerous type vulnerability in the meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file...
CVE-2024-6589
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'rendercontentblocktemplate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include a...
CVE-2023-48362 Apache Drill: XXE Vulnerability in XML Format Reader
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...
CVE-2024-40624
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in PHP. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...
CVE-2024-5349
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
CVE-2024-5008 WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController...
CVE-2023-45197
The CVE-2023-45197 entry concerns Adminer and AdminerEvo where the file-upload plugin allows uploading a file with a table name of “..” to the Adminer directory root, enabling an attacker to guess the filename and execute it. Affected software: Adminer and AdminerEvo (Adminer is no longer support...
AdminerEvo Security Breach
AdminerEvo is an open source database management tool in a single PHP file from AdminerEvo. A security vulnerability exists in AdminerEvo that originates from allowing an attacker to upload a table name "..." file to the root of the Adminer directory. An attacker exploiting this vulnerability cou...
WordPress plugin Shariff Wrapper security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... A security vulnerability...
WordPress plugin tagDiv Composer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Exploit for OS Command Injection in Php
CVE-2024-4577 PHP-CGI RCE Quick Detection Usage: ba...
PT-2024-34916 · WordPress · The Cowidgets – Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Cowidgets – Elementor Addons plugin for WordPress version 1.1.1 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server via the item...
SUSE CVE-2010-2525
A flaw was discovered in the gfs2 file system's handling of ACLs (access control lists). An unprivileged local attacker could exploit this flaw to gain access to or execute any file stored in the gfs2 file system...
CVE-2024-5348
The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafterlayout' attribute of the beforeafter widget, the 'eventsgridlayout' attribute of the eventsgrid and list widgets, the 'marqueelayout' attribute of th...
CVE-2024-5147
The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'gridstyle' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...
The vulnerability of the SuiteCRM customer relationship management system lies in the lack of restrictions on file downloads. This allows a malicious actor to execute or open files on the web server without having access to those files.
The vulnerability of the SuiteCRM customer relationship management system is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute or open files on the web server without having access to those files...
GHSA-5VV7-J593-MGJC Neos Flow Arbitrary file upload and XML External Entity processing
It has been discovered that Flow 3.0.0 allows arbitrary file uploads, including server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible: information disclosure, placeme...
CVE-2024-31226
Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...
CVE-2024-3809
CVE-2024-3809 pertains to Porto Theme - Functionality (WordPress) and is a Local File Inclusion flaw exploitable by authenticated users with Contributor+ privileges via the slideshow_type post meta in versions up to 3.0.9. The bug allows including and executing arbitrary PHP code on the server, b...
CVE-2024-3807
CVE-2024-3807 affects the WordPress Porto theme (versions up to 7.1.0). The vulnerability is a Local File Inclusion via post-meta parameters porto_page_header_shortcode_type, slideshow_type, and post_layout, allowing an authenticated attacker with contributor-level permissions to include and exec...