22 matches found

OSV
added 2025/12/17 7:16 p.m. · 1 view

CVE-2025-67174

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component...

CVSS 7.5 · AI score 6.5 · EPSS 0.00088
Exploits: 1 · References: 4

Vulnrichment
added 2025/12/17 12:00 a.m. · 1 view

CVE-2025-67174

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component...

AI score 6.2 · EPSS 0.00088
Exploits: 1 · References: 4

Cvelist
added 2025/12/17 12:00 a.m. · 17 views

CVE-2025-67174

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component...

EPSS 0.00088
Exploits: 1 · References: 4

Positive Technologies
added 2025/12/17 12:00 a.m. · 1 view

PT-2025-51865

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin language file and default page language file in the admin.php component...

AI score 6.6 · EPSS 0.00088
Exploits: 1 · References: 5

CVE
added 2025/12/17 12:00 a.m. · 4 views

CVE-2025-67174

RiteCMS v3.1.0 contains a local file inclusion (LFI) vulnerability in the admin.php component, exploitable via directory traversal in admin_language_file and default_page_language_file. The issue allows an attacker to read arbitrary files on the host. Multiple connected sources (CNVD-2026-05343, ...

CVSS 7.5 · AI score 6.2 · EPSS 0.00088
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2025/09/04 12:15 p.m. · 0 views

CVE-2025-41041

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/default.x...

CVSS 5.4 · AI score 5.7 · EPSS 0.0004
Exploits: 0 · References: 1

NVD
added 2025/09/04 12:15 p.m. · 2 views

CVE-2025-41041

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/default.x...

CVSS 5.4 · EPSS 0.0004
Exploits: 0 · References: 1

Positive Technologies
added 2025/09/04 12:00 a.m. · 2 views

PT-2025-35912

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the datacode, datalang0key, datalang0value,...

CVSS 5.4 · AI score 5.3 · EPSS 0.0004
Exploits: 0 · References: 3

Github Security Blog
added 2024/05/30 3:47 p.m. · 11 views

TYPO3 Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

AI score 7
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/05/30 12:00 a.m. · 1 view

PT-2024-40227 · Packagist · Typo3/Cms-Core

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A security issue has been found where backend users with limited access to specific languages can modify and create pages in the default language, which should be restricted. This can b...

CVSS 6.5 · AI score 6.9
Exploits: 0 · References: 5

Typo3
added 2019/01/22 12:00 a.m. · 14 views

Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

AI score 6.8
Exploits: 0 · Affected Software: 1

Malwarebytes
added 2017/08/30 6:00 p.m. · 98 views

Malware vaccination tricks: blue pills or red pills

First, let me explain what I mean by malware vaccination tricks. Most of you will have heard about some of these. Vaccination tricks are in fact techniques that use safety checks done by malware against that same malware. The malware checks for the presence of certain files or registry keys as a...

AI score 6.8
Exploits: 0

ThreatPost
added 2017/06/15 10:34 a.m. · 12 views

Metadata Analysis Draws its Own Conclusions on WannaCry Authors

The most intriguing mystery that remains about WannaCry is the identity of the attacker. The theory with the best legs is that North Korea’s Lazarus APT is the entity behind the worldwide ransomware outbreak given the discovery of shared code samples in the malware with older Lazarus attacks. Tha...

Exploits: 0 · References: 4

ThreatPost
added 2011/10/19 3:48 p.m. · 11 views

Mass Injection Attack Targets ASP.NET Sites

There is yet another large-scale injection attack going on right now, with nearly 200,000 pages affected so far. The compromised pages are serving visitors with malicious code that sends them off to a remote server for installation of malware. The attack is the latest in a series of similar...

AI score 1.8
Exploits: 0 · References: 4

0day.today
added 2011/01/09 12:00 a.m. · 18 views

axdcms-0.1.1 Local File Include Vulnerbility

Exploit for php platform in category web applications axdcms-0.1.1 === Local File Include Vulnerbility Author : n0n0x Homepage: http://priasantai.uni.cc/ Download script : http://biznetnetworks.dl.sourceforge.net/project/axdcms/axdcms/0.1.1/axdcms-0.1.1.zip exploit :...

AI score 7.1
Exploits: 0

exploitpack
added 2011/01/08 12:00 a.m. · 13 views

axdcms-0.1.1 - Local File Inclusion

axdcms-0.1.1 - Local File Inclusion priasantai.uni.cc | team-elite.us axdcms-0.1.1 === Local File Include Vulnerbility Author : n0n0x Homepage: http://priasantai.uni.cc/ Download script :...

AI score 7.4
Exploits: 0

Prion
added 2009/03/12 3:20 p.m. · 15 views

Directory traversal

Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the defaultlanguage parameter...

CVSS 5 · AI score 7.1 · EPSS 0.0382
Exploits: 1 · References: 4 · Affected Software: 1

seebug.org
added 2008/12/30 12:00 a.m. · 6 views

eDContainer v2.22 (lg) Local File Inclusion Vulnerability

No description provided by source. eDContainer v2.22 lg Local File Inclusion Vulnerability Script :...

AI score 7.1
Exploits: 0

Debian CVE
added 2008/11/21 2:00 a.m. · 17 views

CVE-2008-5186

The setlanguagepath function in geshi.php in Generic Syntax Highlighter GeSHi before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path $path variable. NOTE: this issue has been disputed by a vendor, stating that only...

CVSS 7.5 · AI score 6.8 · EPSS 0.0093
Exploits: 0

Tenable Nessus
added 2008/01/02 12:00 a.m. · 9 views

Atlassian JIRA < 3.12.1 Multiple Vulnerabilities

Binary data 4329.prm...

CVSS 7.5 · AI score 7.3 · EPSS 0.00585
Exploits: 0 · References: 8