12 matches found
CVE-2026-1225 Malicious logback.xml configuration file allows instantiation of arbitrary classes
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...
CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard
ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
EUVD-2015-7817
Malware in sbrugna...
NCP Engineering Secure Enterprise Client Security Vulnerability
Ncp Engineering NCP engineering Secure Enterprise Client is a VPN (Virtual Private Network) client application from the German company Ncp Engineering. A security vulnerability exists in NCP engineering Secure Enterprise Client versions prior to 12.22, which stems from the presence of insecure file...
CVE-2023-47444
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server...
Command Execution Vulnerability in Doccms 2016
DocCMS rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. A code execution vulnerability...
SeaCMS system has an override access vulnerability
SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in the SeaCMS system. Because the program does not effectively filter the data written to the write...
Openstack DBaaS Configuration File Write Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. in the U.S. Openstack DBaaS is one of the database service tools. A security vulnerability exists in Openstack DBaaS (aka Trove) in versions prior to Openstack...
UBUNTU-CVE-2015-3156
The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...
mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
UBUNTU-CVE-2014-5339
CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files (.mk files) to arbitrary locations via vectors related to row selections...
Discuz! 7.0-7.2 background settings.inc.php write-shell vulnerability
Impact version: Discuz! 7.0-7.2. Vulnerability details: if($operation == 'uc' && is_writeable('./config.inc.php') && $isfounder) $ucdbpassnew = $settingsnew['uc']['dbpass'] == '' ? UCDBPW : $settingsnew['uc']['dbpass']; if($settingsnew['uc']['connect']) $ucdblink = @mysql_connect($settingsnew['uc']['dbhost'],...