Lucene search
K

1232 matches found

Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.4 views

PT-2023-6939 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to a misconfigured shared hosting environment, allowing access to other users' content. A Moodle user with direct access to the web server outside of the Moodle webroot...

10CVSS6.9AI score0.0137EPSS
Exploits0References19
Prion
Prion
added 2023/06/09 6:16 a.m.19 views

Deserialization of untrusted data

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...

6.5CVSS8.7AI score0.60809EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/06/09 5:33 a.m.23 views

CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...

8.8CVSS8.9AI score0.60809EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.41 views

CVE-2023-2249 wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...

8.8CVSS7.5AI score0.60809EPSS
Exploits1References3
CVE
CVE
added 2023/06/09 5:33 a.m.95 views

CVE-2023-2249

CVE-2023-2249 concerns wpForo Forum (WordPress) up to version 2.1.7. The vulnerability stems from insecure use of PHP file_get_contents, enabling Local File Inclusion, Server-Side Request Forgery, and PHAR deserialization. Authenticated attackers with minimal privileges (e.g., subscriber) can rea...

8.8CVSS9AI score0.60809EPSS
Exploits1References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/20 1:2 p.m.30 views

Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)

Summary There is a vulnerability in Python open source used by IBM Cloud Private for scripting. The vulnerability could be exploited by an attacker to conduct SSRF or local file include attacks. This bulletin identifies the security fixes to apply to address the Python vulnerability CVE-2021-2992...

9.8CVSS0.5AI score0.06827EPSS
Exploits1Affected Software1
0day.today
0day.today
added 2022/03/31 12:0 a.m.221 views

COMPIE CMS Leado Local File Include Vulnerability

Exploit Title: COMPIE CMS Leado Local File Include Google Dork: /index.php?pathAjax= Date: 3/30/2022 Exploit Author: iranhack Security Team Vendor Homepage: iranhack.com Software Link: http://www.compie.co.il/ Version: V.1.0 Tested on: KaliLinux,windows 10 Local File Include...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/23 12:0 a.m.230 views

WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read

Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Date: 23-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2022/02/01 10:56 a.m.49 views

CVE-2022-23602 Nim's rst parser sandboxed mode allows include which can embed any local file

Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum'...

7.7CVSS8.1AI score0.01343EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.9 views

Land Software Faust Iserver 路径遍历漏洞

Land Software Faust Iserver is used by Land Software Germany to bring Faust, Faust Entry and Lidos databases to the Intranet and Internet. A path traversal vulnerability exists in Land Software FAUST iServer versions 9.0.017.017.1- 9.0.018.018.4, which stems from a lack of local include...

7.8CVSS7.3AI score0.26823EPSS
Exploits3References5
0day.today
0day.today
added 2021/08/17 12:0 a.m.298 views

GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE Vulnerabilities

Exploit Title: GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE DynamicDNS Network to find: DIPMAP.COM / GVDIP.COM Exploit Author: Ken 's1ngular1ty' Pyle Vendor Homepage: https://www.geovision.com.tw/cybersecurity.php Version: test HTTP/1.1 Absolute exploitation of the LFI: POST...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/17 12:0 a.m.280 views

GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution

Exploit Title: GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE DynamicDNS Network to find: DIPMAP.COM / GVDIP.COM Date: 6-16-21 Vendor Notified Exploit Author: Ken 's1ngular1ty' Pyle Vendor Homepage: https://www.geovision.com.tw/cybersecurity.php Version: test HTTP/1.1 Absolute exploitation ...

Exploits0
Gitee
Gitee
added 2021/01/24 6:59 p.m.7 views

Exploit for Path Traversal in Intelbras Tip200_Firmware

PoC exploit for CVE-2020-13886, a Local File Include LFI vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the /cgi-bin/cgiServer.exx?page= parameter, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...

5.3CVSS6.6AI score0.04996EPSS
Exploits2
NVD
NVD
added 2020/11/12 6:15 p.m.16 views

CVE-2020-7472

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

9.8CVSS9.9AI score0.0307EPSS
Exploits0References2
Prion
Prion
added 2020/11/12 6:15 p.m.16 views

Authorization

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

7.5CVSS9.8AI score0.0307EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/11/12 5:33 p.m.18 views

CVE-2020-7472

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

10AI score0.0307EPSS
Exploits0References2
CVE
CVE
added 2020/11/12 5:33 p.m.48 views

CVE-2020-7472

This entry documents an unauthenticated remote code execution in SugarCRM via an authorization bypass and PHP local-file-include in the installation component. Affected versions include SugarCRM prior to 8.0, with 8.0 prior to 8.0.7, 9.0 prior to 9.0.4, and 10.0 prior to 10.0.0. The vulnerability...

9.8CVSS9.8AI score0.0307EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/02/11 6:15 p.m.26 views

CVE-2013-2057

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability...

9.8CVSS9.5AI score0.02137EPSS
Exploits0References3
Prion
Prion
added 2020/02/11 6:15 p.m.17 views

Security feature bypass

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability...

7.5CVSS7.1AI score0.02137EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/02/11 5:41 p.m.30 views

CVE-2013-2057

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability...

9.5AI score0.02137EPSS
Exploits0References3
Rows per page
Query Builder