Lucene search

51 matches found

Cvelist
added 2026/05/13 8:36 p.m., 24 views

CVE-2026-44377 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE

CubeCart is an ecommerce software solution. Prior to 6.7.0, an authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart, including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

CVSS: 9.1, EPSS: 0.00191
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2001-1228

Malware in sbrugna...

CVSS: 6.4, AI score: 6.4, EPSS: 0.01155
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2001-1187

Malware in sbrugna...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00904
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-3008

Malware in sbrugna...

CVSS: 4.6, AI score: 6.1, EPSS: 0.00438
Exploits: 2, References: 18

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2011-3231

Malware in sbrugna...

CVSS: 5, AI score: 6, EPSS: 0.03845
Exploits: 0, References: 11

OSV
added 2025/09/15 2:15 p.m., 1 view

DEBIAN-CVE-2023-53167

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer dereference in tracing_err_log_open() Fix an issue in function 'tracing_err_log_open'. The function doesn't call 'seq_open' if the file is opened only with write permissions, which results in 'file->private_data'...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00025
Exploits: 0, References: 1

NVD
added 2020/08/12 10:15 p.m., 13 views

CVE-2020-17449

PHP-Fusion 9.03 allows XSS via the error_log file...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00206
Exploits: 1, References: 1

Prion
added 2020/08/12 10:15 p.m., 12 views

Design/Logic Flaw

PHP-Fusion 9.03 allows XSS via the error_log file...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00206
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/08/12 9:47 p.m., 14 views

CVE-2020-17449

PHP-Fusion 9.03 allows XSS via the error_log file...

AI score: 5.5, EPSS: 0.00206
Exploits: 1, References: 1

CVE
added 2020/08/12 9:47 p.m., 27 views

CVE-2020-17449

PHP-Fusion 9.03 is affected by CVE-2020-17449, a cross-site scripting (XSS) vulnerability that can be triggered via the error_log file. The NVD lists CVSS v3.1 base score 5.4 (MEDIUM) with network vector, low privileges, user interaction required, and changed scope; CVSS v2 is 3.5 (LOW). No concr...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00206
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2020/02/06 12:0 a.m., 25 views

Scientific Linux Security Update : ipa on SL7.x x86_64 (20200205)

Security Fixes : - ipa: Denial of service in IPA server due to wrong use of ber_scanf (CVE-2019-14867) - ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include'compat.inc'; if description...

CVSS: 8.8, AI score: 6.8, EPSS: 0.03371
Exploits: 0, References: 3

Kitploit
added 2018/04/07 8:49 p.m., 9 views

JoomlaScan - Tool To Find The Components Installed In Joomla CMS, Built Out Of The Ashes Of Joomscan

A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan. Features Scanning the Joomla CMS sites in search of components/extensions database of more than 600 components; Locate the browsable folders of component Index of ...; Locate the...

AI score: 7.3
Exploits: 0, References: 1

Patchstack
added 2015/05/15 12:0 a.m., 7 views

WordPress Search N Save Plugin - Full Path Disclosure

This plugin is prone to a SearchNSave/errorlog direct request path disclosure. Solution Upgrade the plugin...

AI score: 1.8
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2014/06/13 12:0 a.m., 56 views

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)

The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly...

CVSS: 10, AI score: 7.8, EPSS: 0.16971
Exploits: 1, References: 10

OpenVAS
added 2011/10/21 12:0 a.m., 52 views

Ubuntu Update for php5 USN-1231-1

Ubuntu Update for Linux kernel vulnerabilities USN-1231-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12311.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for php5 USN-1231-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS: 7.5, AI score: 0.4, EPSS: 0.36532
Exploits: 17, References: 2

Tenable Nessus
added 2011/10/19 12:0 a.m., 60 views

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1231-1)

Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options...

CVSS: 7.5, AI score: 8.8, EPSS: 0.36532
Exploits: 17, References: 9

OpenVAS
added 2011/09/07 12:0 a.m., 81 views

PHP Multiple Vulnerabilities (Sep 2011) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS: 10, AI score: 8.5, EPSS: 0.16971
Exploits: 2, References: 4

NVD
added 2011/08/25 6:55 p.m., 11 views

CVE-2011-3267

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors...

CVSS: 5, AI score: 6.8, EPSS: 0.03845
Exploits: 0, References: 8

Prion
added 2011/08/25 6:55 p.m., 19 views

Code injection

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors...

CVSS: 5, AI score: 6.8, EPSS: 0.03845
Exploits: 0, References: 8, Affected Software: 1

Cvelist
added 2011/08/25 6:0 p.m., 29 views

CVE-2011-3267

PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors...

AI score: 7.5, EPSS: 0.03845
Exploits: 0, References: 8