163 matches found
EUVD-2018-18403
Malware in sbrugna...
EUVD-2018-20766
Malware in sbrugna...
EUVD-2020-21557
Malware in sbrugna...
EUVD-2024-52791
Malicious code in bioql PyPI...
EUVD-2022-43648
Malicious code in bioql PyPI...
CVE-2024-55529
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zbusers\theme\shell\template...
CVE-2022-40357
A security issue was discovered in Z-BlogPHP = 1.7.2. A Server-Side Request Forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...
CVE-2020-18268
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zbsystem/cmd.php."...
CVE-2020-23352
Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zbuser/plugin/passwordvisit/include.php:passwordvisitinputpassword uses loose comparison to authenticate, which can be bypassed via magic hash values...
CVE-2020-29176
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file...
CVE-2020-29177
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \appdel.php...
CVE-2024-55529
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zbusers\theme\shell\template...
CVE-2024-55529
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zbusers\theme\shell\template...
CVE-2024-55529
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zbusers\theme\shell\template...
CVE-2024-55529
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zbusers\theme\shell\template...
CVE-2024-55529
CVE-2024-55529 affects Z-BlogPHP 1.7.3, with arbitrary code execution via the path zb_users\theme\shell\template. The issue is evidenced across multiple feeds (NVD/Red Hat/CNNVD/CVE.org), describing unauthenticated remote code execution (CVSS v3.1 score 9.8, vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:...
Z-BlogPHP cross-site scripting vulnerability (CNVD-2024-32984)
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. Z-BlogPHP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload...
CVE-2024-39203
A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-39203
A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Z-BlogPHP 安全漏洞
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. Z-BlogPHP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload...