Lucene search

138 matches found

CVE
added 2017/07/24 12:0 a.m. | 45 views

CVE-2017-11583

FineCMS 5.0.9 has a SQL injection in libraries/Template.php via the catid parameter in an action=related request. Impact per CNVD/NVD records includes potential disclosure of all databases. No patch version or remediation is explicitly provided in the connected documents. Exploitation details are...

9.8 CVSS | 9.8 AI score | 0.01137 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2017/07/24 12:0 a.m. | 44 views

CVE-2017-11582

CVE-2017-11582 concerns dayrui FineCms 5.0.9, with a SQL Injection vulnerability in the libraries/Template.php file. The flaw is exploitable via the num parameter in requests for action=related or action=tags, enabling a remote attacker to execute arbitrary SQL commands. Multiple sources in the c...

9.8 CVSS | 9.8 AI score | 0.01454 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2017/07/19 10:37 p.m. | 17 views

Arbitrary Code Execution

twig is vulnerable to arbitrary code execution. Attackers can execute code by leveraging a flaw in the displayBlock function in Template.php through the self variable. This can only be exploited when Sandbox mode is enabled...

6.8 CVSS | 6.8 AI score | 0.03398 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

seebug.org
added 2017/07/13 12:0 a.m. | 21 views

FineCMS multi vulnerability

Reflected XSS in getimage.php. Technical Description: in the file /application/lib/ajax/getimage.php, $_POST['id'], $_POST['name'] and $_GET['folder'] are used without being validated, sanitised or output encoded. Proof of Concept (PoC): http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...

7.4 AI score
Exploits: 0

NVD
added 2016/06/29 2:10 p.m. | 17 views

CVE-2016-5834

Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833...

6.1 CVSS | 6 AI score | 0.02131 EPSS
Exploits: 0 | References: 7

UbuntuCve
added 2016/06/29 2:10 p.m. | 25 views

CVE-2016-5834

Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833...

6.1 CVSS | 6.9 AI score | 0.02131 EPSS
Exploits: 0 | References: 3

CVE
added 2016/06/29 2:0 p.m. | 82 views

CVE-2016-5834

CVE-2016-5834 corresponds to a cross-site scripting (XSS) vulnerability in WordPress where the wp_get_attachment_link function in wp-includes/post-template.php could be exploited by a crafted attachment name to inject arbitrary script or HTML. Affected product: WordPress prior to version 4.5.3. R...

6.1 CVSS | 6.1 AI score | 0.02131 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2015/11/06 9:59 p.m. | 21 views

CVE-2015-7809

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...

6.8 CVSS | 7.4 AI score | 0.03398 EPSS
Exploits: 0 | References: 6

UbuntuCve
added 2015/11/06 9:59 p.m. | 31 views

CVE-2015-7809

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...

6.8 CVSS | 6 AI score | 0.03398 EPSS
Exploits: 0 | References: 2

Prion
added 2015/11/06 9:59 p.m. | 14 views

Code injection

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...

6.8 CVSS | 8.1 AI score | 0.03398 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2015/11/06 9:0 p.m. | 22 views

CVE-2015-7809

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...

7.3 AI score | 0.03398 EPSS
Exploits: 0 | References: 6

Debian CVE
added 2015/11/06 9:0 p.m. | 24 views

CVE-2015-7809

Removed by vendor...

6.8 CVSS | 6.7 AI score | 0.03398 EPSS
Exploits: 0

Mageia
added 2014/10/31 3:53 p.m. | 69 views

Updated dokuwiki packages fix security vulnerabilities

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access...

5 CVSS | 7 AI score | 0.02519 EPSS
Exploits: 0 | References: 4

Cvelist
added 2014/10/22 2:0 p.m. | 33 views

CVE-2014-8761

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call...

6.5 AI score | 0.01588 EPSS
Exploits: 0 | References: 7

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

ispCP Omega <= 1.0.4 - Remote File Include Vulnerability

No description provided by source. + ispCP Omega = 1.0.4 Remote File Include Vulnerability + Discovered By: cr4wl3r + Download: http://isp-control.net/ + Dork: Powered by ispCP Omega + Code in ispcp-omega-1.0.4/gui/tools/filemanager/skins/mobile/admin1.template.php x ?php...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

JV2 Folder Gallery <= 3.0 - Remote File Include Vulnerability

No description provided by source. Greatz to:AsB-MaY TeAm & HaCk.eGy & To0oFa ScRiPt:-http://foldergallery.jv2.net/download.php?file=foldergallery3.0.2 Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs TeAm template.php:- ?php include $galleryfilesdir./galleryfooter.php; ? ExPlOiT:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Php Blue Dragon CMS <= 2.9.1 (template.php) File Include Vulnerability

No description provided by source. ----------------------------------------------------- Advisory id: FSA:015 Author: Federico Fazzi Date: 14/06/2006, 18:20 Sinthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability Type: high Product: http://phpbluedragon.net/ Patch: unavailable...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Campsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...

7.1 AI score
Exploits: 0

seebug.org
added 2014/04/24 12:0 a.m. | 172 views

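doyo 2.3 /template.php Local File Inclusion Vulnerability

When DOYO passes the template parameter, Template.php handles the supplied file path improperly (a logic error), which allows arbitrary files to be included (including via relative paths). doyo 2.3...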

7.1 AI score
Exploits: 0

Tenable Nessus
added 2012/07/19 12:0 a.m. | 28 views

FreeBSD : Dokuwiki -- XSS vulnerability (2fe4b57f-d110-11e1-ac76-10bf48230856)

Secunia Research reports : Secunia Research has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the 'ns' POST parameter in lib/exe/ajax.php when 'call' is set to 'medialist' and 'do' is set to 'media' is n...

4.3 CVSS | 5.8 AI score | 0.01355 EPSS
Exploits: 0 | References: 2