67 matches found
CVE-2017-1000189
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...
CVE-2017-1000228
CVE-2017-1000228 affects nodejs ejs: any versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in ejs.renderFile(). Explanation: this is a concrete vulnerability with multiple coordinated disclosures (NVD entry and corroborating reports in GHSA, Debian, CN...
nodejs ejs remote code execution vulnerability
nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A remote code execution vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.3, which stems from weak input validation. A remote attacker could...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-05372)
CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS...
FreePBX 13.0.x Code Execution
Vulnerable software : Freepbx Tested versions : 13.0.x $this-commandline = $commandline; $this-cwd = $cwd; Line 275 $commandline = $this-commandline; if '\' === DIRECTORYSEPARATOR && $this-enhanceWindowsCompatibility $commandline = 'cmd /V:ON /E:ON /C "'.$commandline.''; foreach...
FreePBX 13.0.x 13.0.154 - Remote Command Execution
FreePBX 13.0.x 13.0.154 - Remote Command Execution Vulnerable software : Freepbx Tested versions : 13.0.x $this-commandline = $commandline; $this-cwd = $cwd; Line 275 $commandline = $this-commandline; if '\' === DIRECTORYSEPARATOR && $this-enhanceWindowsCompatibility $commandline = 'cmd /V:ON...
TCLhttpd 3.4.2 - Directory Listing Disclosure
TCLhttpd 3.4.2 - Directory Listing Disclosure source: https://www.securityfocus.com/bid/8687/info It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation...