10 matches found
PT-2026-41673
An issue in PrestaShop upsshipping, all versions through at least 2.4.0, allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/ and /modules/upsshipping/lib/UPSBaseApi.php components...
CVE-2026-34795
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logslog.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...
WordPress plugin AI Engine security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-37638 · WordPress +1 · Ai Engine Wordpress Plugin +1
Name of the Vulnerable Software and Affected Versions: AI Engine versions 2.4.3; AI Engine WordPress plugin versions prior to 2.5.1. Description: The issue is related to remote code execution (RCE) via log poisoning. The AI Engine WordPress plugin fails to validate the file extension of logs path,...
PYSEC-2024-247
A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The...
Skoda Security Breach
Skoda is a line of automobiles from Skoda. A security vulnerability exists in the Skoda Superb III 3V3 version 2.0 TDI that stems from the Real-Time Streaming Protocol not properly handling requests for the /logs URI, allowing an attacker to launch a denial-of-service (DoS) attack on the infotainme...
CVE-2022-4057
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store the plugin's exported settings and logs...
CVE-2020-23161
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance Logs menu by manipulating the file path in the URL...
fuzzylime-lfi.txt
#!/usr/bin/perl Fuzzylime CMS 3.01 Multiple LFI / RCE; author: Cod3rZ; website: http://cod3rz.helloweb.eu; http://site/blog.php?file=../file\0...
Fuzzylime CMS 3.01a - file Local File Inclusion
#!/usr/bin/perl Fuzzylime CMS 3.01 Multiple LFI / RCE; author: Cod3rZ; website: http://cod3rz.helloweb.eu ...