16 matches found
EUVD-2013-5303
Malware in sbrugna...
EUVD-2018-18050
Malware in sbrugna...
EUVD-2024-0886
Malicious code in bioql PyPI...
CVE-2018-25114 osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...
CVE-2018-25114 osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...
CVE-2024-27287
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...
CVE-2021-30461
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...
SUSE CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
Buffalo和Arcadyan多款路由器认证绕过RCE等多个漏洞
Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan. During the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying...
CMS Made Simple 2.1.6 - Remote Code Execution
CMS Made Simple 2.1.6 - Remote Code Execution Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2. 1.6-install.zip Version: 2.1....
CVE-2018-6289
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1...
Design/Logic Flaw
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6289
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6289
Kaspersky Secure Mail Gateway 1.1.0.379 has a Web Management Console vulnerability (CVE-2018-6289) that allows configuration-file injection into /etc/postfix/main.cf, enabling arbitrary commands to execute as root. The Core Security advisory CORE-2017-0010 details that adding a crafted BCC addres...
Nagios XI 2012R1.5b XSS / Command Execution / SQL Injection / CSRF
Nagios XI version 2012R1.5b suffers from cross site request forgery, cross site scripting, remote command injection, and remote SQL injection vulnerabilities. Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?width=800";...
Nagios XI 2012R1.5b XSS / Command Execution / SQL Injection / CSRF
Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?width=800"; alert'xss'; var aa="a" : "b" : " The vulnerable code in Alert Cloud's index.php appears to have been copied and pasted into several other components as well...