5 matches found
CyberArk Credential File Insufficient Effective Key Space
Vulnerability Details: Affected Vendor: CyberArk; Affected Product: Application Access Manager/Credential Provider; Affected Version: Prior to 12.1; Platform: Linux/Windows/zOS; CWE Classification: CWE-326: Inadequate Encryption Strength; CVE ID: CVE-2021-31796. 2. Vulnerability Description: CyberArk...
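Discuz UC_Server Local File Inclusion Vulnerability (Conditional)
Brief description: I am submitting this vulnerability with an uneasy heart, still believing that wooyun is a good platform. I have staked my integrity as a white hat on it; don't let it shatter to pieces again. Details: Condition 1: UC administrator privileges are required. Condition 2: A controllable file containing PHP code can be uploaded from the front end. The vulnerable function onping is in the file ucserver\control\admin\app.php: function onping() { $ip = getgpc('ip'); $url = getgpc('url'); $appid = intval(getgpc('appid')); $app = $_ENV['app']->get_app_by_appid($appid); $status = '';...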
Remote file inclusion
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter...
CVE-2007-6177
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter...
CVE-2007-6177
CVE-2007-6177 concerns a PHP remote file inclusion in Exchange/include.php of PHP_CON 1.3. The vulnerability enables an attacker to execute arbitrary PHP code by supplying a URL in the webappcfg[APPPATH] parameter. Documents consistently reference this exact vector and affected component, with no...