2 matches found
CVE-2018-25324 Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...
Puppet Agent Global Writable Module Vulnerability
Puppet is a set of Puppet Labs configuration management tools based on the client/server C/S architecture.Puppet Agent is one of the agents. A security vulnerability exists in Puppet Agent versions prior to 5.3.4 and prior to 1.10.10. An attacker could exploit this vulnerability to assign global...