CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

SUSE: Security Advisory (SUSE-SU-2013:1166-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-29474

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

CVE-2021-29474 Relative Path Traversal Attack on note creation

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

DEBIAN-CVE-2019-11455

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...

Axis Communications MPQT/PACS Heap Overflow / Information Leakage Vulnerabilities

Axis Communications MPQT/PACS suffers from heap overflow and information leakage vulnerabilities. STX Subject: Axis Communications MPQT/PACS Heap Overflow and Information Leakage. Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis August 2017 PoC:...

CURL-CVE-2013-2174 URL decode buffer boundary flaw

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...

MyBB AJAX Chat - Persistent Cross-Site Scripting

MyBB AJAX Chat - Persistent Cross-Site Scripting Title: MyBB AJAX Chat Persistent XSS Vulnerability Date: 12/12/2012 Exploit Author: Mr. P-teo Vendor Homepage: http://www.mybb.com/ Software Link: http://mods.mybb.com/view/ajax-chat Version: 1 Tested on: Windows The Persistent XSS vulnerability li...

PHPCMS V9 WAP module injection vulnerability-vulnerability warning-the black bar safety net

Used to urldecode a variable into the library before there is no effective filter, resulting in the injected generation. Detailed description: ! Vulnerability to prove: File location:/phpcms/modules/wap/index.php Vulnerability function: commentlist Unfiltered parameter:$GET'commentid' Trigger...

Slackware: Security Advisory (SSA:2004-239-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHPCMS_V9 /modules/comment/index.php 本地包含漏洞

由于PHPCMSV9文件attachments.php的未验证上传用户权限，可以上传文件仅图片。加上其他文件存在可以截断的本地包含漏洞，导致包含任意文件并获取webshell 文件\phpcms\modules\attachment\attachments.php codepublic function cropupload if isset$GLOBALS"HTTPRAWPOSTDATA" $pic = $GLOBALS"HTTPRAWPOSTDATA"; …… fileputcontents$this-uploadpath.$filepath.$newfile, $pic;/code...

phpcms2008 latest 0day & Exp-vulnerability warning-the black bar safety net

Source:My5t3ry The vulnerability exists in the yp/job. php 1 7-3 4 line, the urldecode function to blame, the code is as follows: | 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 | switch$action case 'list': $catid = intval$catid; $head'keywords' .= 'List positions'; $head'title' .= 'Job...

zeroblogXSS.txt

Software: ZeroBlog Vendor: http://www.sothq.net Version: 1.2a , 1.1f Bug: XSS Exploitation: Remote --------------------------- Introduction: Zeroblog: Feature ritch weblog, d-board, live webcam option, and requires 3th party software, calendar, poll system, photogallery, smileys, search engine, 8...

CVE-2005-0453

The bufferurldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 null character after the file extension...