5283 matches found
CVE-2023-53941
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...
CVE-2023-53941
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...
CVE-2023-53944 EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...
CVE-2023-53944 EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...
CVE-2023-53944
EasyPHP Webserver 14.1 is affected by a path traversal vulnerability (CVE-2023-53944) that allows remote low-privilege users to read files outside the document root by bypassing SecurityManager. The documented payload involves crafted GET requests with encoded directory traversal sequences such a...
CVE-2023-53941
CVE-2023-53941 describes an OS command injection in EasyPHP Webserver 14.1. An unauthenticated attacker can trigger remote code execution by crafting the app_service_control payload and sending a POST to /index.php?zone=settings, leading to commands executed with administrative privileges. The CV...
CVE-2023-53941 EasyPHP Webserver 14.1 Remote Code Execution
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...
CVE-2023-53941 EasyPHP Webserver 14.1 Remote Code Execution
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...
PT-2025-52320
Name of the Vulnerable Software and Affected Versions EasyPHP Webserver version 14.1 Description An unauthenticated attacker can execute arbitrary system commands. This is possible by injecting malicious payloads through the app service control parameter. Attackers can send POST requests to the...
EasyPHP Webserver 安全漏洞
EasyPHP Webserver is an EasyPHP open source platform where you can build a development environment. A security vulnerability exists in EasyPHP Webserver version 14.1, which stems from a path traversal vulnerability that could lead to reading system files...
PT-2025-52323
Name of the Vulnerable Software and Affected Versions EasyPHP Webserver version 14.1 Description A path traversal flaw exists in EasyPHP Webserver that permits unauthenticated remote users with limited privileges to access files beyond the intended document root. This is achieved by circumventing...
EasyPHP Webserver 操作系统命令注入漏洞
EasyPHP Webserver is an EasyPHP open source platform that can build development environments. An operating system command injection vulnerability exists in EasyPHP Webserver version 14.1, which stems from OS command injection and could lead to the execution of arbitrary system commands...
GHSA-66H8-3G48-6HX8 Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed a...
Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed a...
CVE-2025-67895
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange PBX platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project...
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger...
CVE-2025-27232
A flaw was found in Zabbix. This vulnerability allows an authenticated Zabbix Super Admin to read arbitrary files from the webserver via exploiting the oauth.authorize action, leading to potential confidentiality loss...
SourceForge MinaliC Webserver 资源管理错误漏洞
SourceForge MinaliC Webserver is a SourceForge open source web service program. A resource management error vulnerability exists in SourceForge MinaliC Webserver version 2.0.0, which stems from improper handling of oversized GET requests and could lead to a denial of service attack...
CVE-2025-66039
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...