
13 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-17800

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00328
Exploits: 1 | References: 2
CNVD
added 2023/10/07 12:0 a.m. | 9 views

emlog deserialization vulnerability

emlog is a PHP- and MySQL-based CMS builder for personal developers. emlog pro v2.1.15 and earlier versions contain a deserialization vulnerability, which stems from the application insecurely deserializing user-submitted serialized data, a...

CVSS 9.8 | AI score 7.7 | EPSS 0.17624
Exploits: 1 | References: 1
NVD
added 2023/09/27 3:19 p.m. | 10 views

CVE-2023-43291

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component...

CVSS 9.8 | AI score 9.6 | EPSS 0.17624
Exploits: 1 | References: 1
OSV
added 2023/09/27 3:19 p.m. | 6 views

CVE-2023-43291

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component...

CVSS 9.8 | AI score 8.1
Exploits: 0 | References: 1
Prion
added 2023/09/27 3:19 p.m. | 14 views

Deserialization of untrusted data

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component...

CVSS 7.5 | AI score 9.6 | EPSS 0.17624
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2023/09/26 12:0 a.m. | 10 views

CVE-2023-43291

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component...

AI score 9.9 | EPSS 0.17624
Exploits: 1 | References: 1
Veracode
added 2023/02/10 7:49 a.m. | 48 views

Arbitrary Code Execution

dompdf/dompdf is vulnerable to Arbitrary Code Execution. The vulnerability exists in Cache.php due to a lack of validation for SVG files in Dompdf and php-svg-lib, allowing an attacker to parse an arbitrary URL with arbitrary protocols, which can result in Arbitrary Code Execution...

CVSS 10 | AI score 9 | EPSS 0.09321
Exploits: 2 | References: 2 | Affected Software: 2
Prion
added 2020/04/30 11:15 p.m. | 28 views

Cross site scripting

In affected versions of WordPress, a vulnerability in the stats method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...

CVSS 4.3 | AI score 6 | EPSS 0.0265
Exploits: 0 | References: 4 | Affected Software: 2
CVE
added 2020/04/30 10:15 p.m. | 302 views

CVE-2020-11029

CVE-2020-11029 affects WordPress; vulnerability in the stats() method of class-wp-object-cache.php allows cross-site scripting (XSS). Affected versions include 3.7.x through 5.3.x (and earlier releases) with a patch in WordPress 5.4.1 and via 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4....

CVSS 6.1 | AI score 5.7 | EPSS 0.0265
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2019/02/27 5:29 p.m. | 7 views

Cross site scripting

Maccms 8.0 allows XSS via the inc/config/cache.php tkey parameter because template/paody/html/vodtype.html mishandles the keywords parameter, and a/tpl/module/db.php filters only the tname parameter, not tkey...

CVSS 4.3 | AI score 6 | EPSS 0.00328
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2006/08/23 1:0 a.m. | 13 views

CVE-2006-4298

Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tepcachealsopurchased, (2)...

AI score 7 | EPSS 0.00271
Exploits: 1 | References: 3
Prion
added 2006/05/30 9:2 p.m. | 16 views

Code injection

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2)...

CVSS 7.5 | AI score 8.1 | EPSS 0.32191
Exploits: 1 | References: 9 | Affected Software: 1
Cvelist
added 2006/05/30 9:0 p.m. | 16 views

CVE-2006-2667

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2)...

AI score 7.8 | EPSS 0.32191
Exploits: 1 | References: 9