CVE-2024-5709

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layoutname' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an...

Symantec Messaging Gateway 10.x < 10.6.3-266 Multiple Vulnerabilities (SYM17-004)

According to its self-reported version number, the Symantec Messaging Gateway SMG running on the remote host is 10.x prior to 10.6.3-266. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when handling email attachments involving malformed o...

Multiple Vendors '/servlets/FetchFile' Multiple Vulnerabilities - Active Check

Multiple vulnerabilities affecting the remote device have been found, these vulnerabilities allows uploading of arbitrary files and their execution, arbitrary file download with directory traversal, use of a weak algorithm for storing passwords and session hijacking. SPDX-FileCopyrightText: 2016...

Jupiter CMS 1.1.41.1.5 - modulesregister.php Multiple Cross-Site Scripting Vulnerabilities

Jupiter CMS 1.1.41.1.5 - modulesregister.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/20048/info Jupiter CMSA is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues,...

WebCalendar send_reminders.php includedir Parameter Remote File Inclusion

The remote version of WebCalendar fails to sanitize user-supplied input to the 'includedir' parameter of the 'sendreminders.php' script. By leveraging this flaw, an attacker may be able to view arbitrary files on the remote host and execute arbitrary PHP code, possibly taken from third-party host...