98 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-15726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2016-9860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with...
Linux Distros Unpatched Vulnerability : CVE-2016-6629
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin involving the $cfg'ArbitraryServerRegexp' configuration directive. An attacker could reuse certain cookie values in a way ...
Linux Distros Unpatched Vulnerability : CVE-2016-6622
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdm...
PT-2025-34230 · Moss · Moss
Name of the Vulnerable Software and Affected Versions: Moss versions prior to 0.15 Description: Moss before version 0.15 contains a file upload issue. The configuration of the upload function permits attackers to upload files with any extension to arbitrary locations on the target server...
CVE-2025-2183
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root...
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...
Server-Side Request Forgery (SSRF)
Kyverno is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of Service Call destinations due to the ability of attackers to craft policies that initiate requests to arbitrary servers under their control...
CVE-2025-3022 OS Command Injection vulnerability in e-management of e-solutions
Os command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint...
E-Solutions E-Management 操作系统命令注入漏洞
E-Solutions E-Management is an application from E-Solutions, Inc. An operating system command injection vulnerability exists in E-Solutions E-Management, which stems from the presence of command injection that could lead to the execution of arbitrary commands on the server...
VulnCheck KEV: CVE-2025-31103
A-blog CMS contains an untrusted data deserialization vulnerability that if successfully exploited can be leveraged to execute an arbitrary script on the server...
The vulnerability of the PHP Smarty templater, related to improper handling of code generation, allows attackers to execute arbitrary PHP code.
The vulnerability of the PHP Smarty templater is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code on the target system...
CVE-2024-5921
CVE-2024-5921 : Palo Alto Networks GlobalProtect app suffers from insufficient certificate validation, allowing the client to connect to arbitrary servers. This can enable a local non-admin user or an attacker on the same subnet to install malicious root certificates and subsequently execute malw...
Palo Alto Networks GlobalProtect 信任管理问题漏洞
Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A trust management issue vulnerability exists in Palo Alto Networks GlobalProtect, which stems from insufficie...
CVE-2024-34887
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...
SUSE CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...
Flowise Security Vulnerabilities
Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from the presence of a reflective cross-site scripting vulnerability that could allow an attacker to read arbitrary files from the server...
WordPress plugin Google Doc Embedder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-27283
A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed...
External Control of File Name or Path in h2oai/h2o-3
Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...