18 matches found
Remote File Inclusion
librenms/librenms is vulnerable to Remote File Inclusion RFI. The vulnerability is due to unsafe dynamic file inclusion caused by the ajaxform.php endpoint using user-controlled POST input in the type parameter to include .inc.php files without proper validation or allowlisting, potentially leadi...
CVE-2024-45389
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...
CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...
CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...
Decidim Cross-Site Scripting Vulnerability
Decidim is a participatory democracy framework written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.0 through 0.27.5 and 0.28.0, which stems from a cross-site scripting vulnerability in the dynamic file upload feature...
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
kernel: use-after-free due to race condition occurring in dvb_register_device()
A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvbregisterdevice function due to the fileoperations structure fops being dynamically allocated and later kfreed. A local user could use this...
kernel: use-after-free due to race condition occurring in dvb_register_device()
A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvbregisterdevice function due to the fileoperations structure fops being dynamically allocated and later kfreed. A local user could use this...
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free related to dvb_register_device dynamically allocating fops.
...
WordPress Mail Masta Plugin 1.0 - local file inclusion
This file contains the vulnerability allows an attacker to include a file,usually using a“dynamic file include”mechanisms in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. Source file: /inc/campaign/countofsend.php Line 4:...
WordPress Plugin Mail Masta 1.0 - Local File Inclusion
WordPress Plugin Mail Masta 1.0 - Local File Inclusion + Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to...
WordPress Mail Master 1.0 Local File Inclusion
Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file...
WordPress Plugin Mail Masta 1.0 - Local File Inclusion
Date: 23-8-2016 + Autor Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file...
PHP file include vulnerability details(including the truncated method)-vulnerability warning-the black bar safety net
One, what is”remote file inclusion vulnerability”for? The answer is: the server through the php properties of a function to contain any files, since you want to include this file source filter is not strict, so can go to that contains a malicious file and we can construct the malicious file to...