16 matches found
EUVD-2018-10704
Malware in sbrugna...
EUVD-2022-5309
Malicious code in bioql PyPI...
CVE-2018-1999009
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php244 makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend pat...
GHSA-V7CR-W5V6-6659 October CMS Local File Inclusion
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path i...
October CMS Local File Inclusion
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path i...
October CMS Cross-Site Scripting Vulnerability (CNVD-2018-14215)
October CMS is an open source, self-hosted content management system CMS built on the Laravel PHP framework, developed by Canadian software developer Alexey Bobkov and Australian software developer Samuel Georges. The Media module is one of the media content management modules. A cross-site...
October CMS Local File Inclusion Vulnerability
October CMS is an open source, self-hosted content management system CMS built on the Laravel PHP framework developed by Canadian software developer Alexey Bobkov and Australian software developer Samuel Georges. A local file inclusion vulnerability exists in the modules/system/traits/ViewMaker.p...
CVE-2018-1999008
October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...
CVE-2018-1999009
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php244 makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend pat...
Cross site scripting
October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...
CVE-2018-1999009
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php244 makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend pat...
Design/Logic Flaw
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php244 makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend pat...
CVE-2018-1999008
October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...
CVE-2018-1999008
October CMS: A Cross-Site Scripting (XSS) vulnerability in the Media module and Create Folder feature allows an authenticated user with media module permission to create folder names containing XSS content. The issue affects builds prior to 437 and is fixed in build 437. Documented as exploitable...
CVE-2018-1999009
October CMS prior to Build 437 is affected by a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php (makeFileContents). The issue can lead to sensitive information disclosure and remote code execution, and is exploitable remotely if the /backend path is accessible. The CVE d...
CVE-2018-1999008
October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...