107 matches found
OS Command Injection
locutus is vulnerable to arbitrary code execution. The PHP function escapeshellarg can be bypassed when used in Locutus, which would allow an attacker to inject and execute arbitrary commands via shell arguments...
Locutus PHP Injection Vulnerability
Locutus PHP is an open source PHP language standard library used in JavaScript . A security vulnerability exists in php/exec/escapeshellarg in Locutus PHP 2.0.11 and earlier versions. An attacker can exploit the vulnerability to execute code...
CVE-2020-13619
php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...
CVE-2020-13619
php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...
Code injection
php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...
Cross-site Scripting (XSS)
locutus is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as strings with unpermitted html tags are still accepted after using striptags...
Shopify: Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181
What is Zookeeper? ==================== Zookeeper is a coordination service for distributed applications. It allows common services such as naming, synchronisation, configuration management and group services to be managed by a simple interface and It uses a data model of File System on an...