EUVD-2003-1402
Malware in sbrugna...
CVE-2012-10025
The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST paramete...
CVE-2020-26583
An issue was discovered in Sage DPW 202006x before 202006002. It allows unauthenticated users to upload JavaScript in a file via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include...
CVE-2020-8803
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...
phorum5114local.txt
Some vulnerabilities have been discovered in Phorum, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and potentially compromise a vulnerable system. 1) Input passed to the "template" parameter in pm.php isn't properly verified,...
Arbitrary code inclusion in phpShop
A vulnerability has been discovered in the popular E-Commerce package 'phpShop'. The vulnerability's details are available in the attached advisory, or at http://www.fribble.net/advisories/phpshop29-04-04.txt Due to the nature of this vulnerability, I notified the lead programmer for this package...