
9 matches found

CNNVD
added 2025/06/18 12:0 a.m. · 1 views

Lychee path traversal vulnerability

Lychee is a beautiful and easy to use photo management system open-sourced by The Lychee Organisation. It is used to manage and share photos. A path traversal vulnerability exists in Lychee versions prior to 6.6.6 through 6.6.10, which stems from path traversal and could lead to local file...

7.5 CVSS · 6.1 AI score · 0.00471 EPSS
Exploits 0 · References 3
Github Security Blog
added 2024/08/05 9:18 p.m. · 21 views

Apereo CAS vulnerable to credential leaks for LDAP authentication

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

7.5 CVSS · 7.1 AI score · 0.0027 EPSS
Exploits 0 · References 7 · Affected Software 1
Prion
added 2023/06/27 6:15 p.m. · 22 views

Authentication flaw

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

5 CVSS · 7.9 AI score · 0.0027 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2023/01/31 8:15 p.m. · 7 views

CVE-2016-15023

A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this...

5.3 CVSS · 4.5 AI score · 0.00404 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/01/31 12:0 a.m. · 3 views

PT-2023-10342 · Unknown · Sitefusion Application Server

Name of the Vulnerable Software and Affected Versions: SiteFusion Application Server versions up to 6.6.6 Description: A problematic issue was found in the file getextension.php of the Extension Handler component, leading to path traversal. The estimated number of potentially affected devices...

5.3 CVSS · 7 AI score · 0.00404 EPSS
Exploits 0 · References 8
OSV
added 2022/01/09 2:46 a.m. · 15 views

GSD-2022-1000008 faker.js 6.6.6 is broken and the developer has wiped the original GitHub repo

faker.js had its version updated to 6.6.6 in NPM which reports it as having 2,571 dependent packages that rely upon it and the GitHub repo has been wiped of content. This appears to have been done intentionally as the repo only has a single commit so it was likely deleted, recreated and a singl...

7.2 AI score
Exploits 0
Packet Storm
added 2020/10/16 12:0 a.m. · 320 views

aaPanel 6.6.6 Privilege Escalation

Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...

9 CVSS · 0.7 AI score · 0.09449 EPSS
Exploits 5
OSV
added 2020/06/18 1:15 p.m. · 1 views

CVE-2020-14421

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...

7.2 CVSS · 6.1 AI score · 0.09449 EPSS
Exploits 5 · References 3
Positive Technologies
added 2020/06/18 12:0 a.m. · 3 views

PT-2020-13996 · Aapanel · Aapanel

Name of the Vulnerable Software and Affected Versions: aaPanel versions 6.6.6 and earlier Description: The issue allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. This can be done by exploiting the vulnerability in the Script...

9 CVSS · 7.3 AI score · 0.09449 EPSS
Exploits 5 · References 5