54 matches found
EUVD-2007-6098
Malware in sbrugna...
EUVD-2006-4408
Malware in sbrugna...
EUVD-2009-2128
Malware in sbrugna...
EUVD-2006-6225
Malware in sbrugna...
EUVD-2015-7713
Malware in sbrugna...
EUVD-2008-5913
Malware in sbrugna...
EUVD-2021-28610
Malicious code in bioql PyPI...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including Burt Force (brute-force vulnerability), XSS (cross-site scripting vulnerability), CSRF (cross-site request forgery), SQL-Inject (SQL injection vulnerability), RCE (remote command/code execution), Files Inclusion...
CVE-2020-6167
The CVE-2020-6167 entry concerns WordPress plugin Minimal Coming Soon & Maintenance Mode (versions up to 2.10). The vulnerability is a CSRF to stored XSS and setting changes, permitted by a lack of nonce checks on settings endpoints, enabling an attacker to enable maintenance mode, inject XSS, mo...
SUSE-SU-2019:3188-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed remote attackers to cause denial of service via DHCP response creation bsc1154849 - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processi...
Arbitrary File Write
Overview: Versions of iobroker.controller prior to 2.0.25 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended /adapter/ folder, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to...
CVE-2017-9067
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...
CVE-2016-9976
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252...
Cisco Unified Communications Manager multiple security vulnerabilities
Code execution, authentication bypass, local file inclusion...
Audio Share 2.0.2 Cross Site Scripting / Remote File Inclusion Vulnerabilities
Audio Share version 2.0.2 suffers from cross site scripting and remote file inclusion vulnerabilities. | Title : Audio Share v2.0.2 Multi Vulnerability | Author : indoushka | email : email protected | Dork : Powered by AudioShareScript.com | Tested on: windows 8.1 Français V.Pro | Download :...
CVE-2012-5242
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a gettemplate action...
PAJAX Remote Command Execution
No description provided by source. $Id: pajaxremoteexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
PTCeffect <= 4.6 LFI & SQL Injection Vulnerabilities
PTCeffect, also known as ptcevolution, is vulnerable to an SQL injection. It lets you grab the admin password and basically everything you want in the db. You don't need to have an account on the vulnerable site to use this exploit. The LFI vulnerability is in index.php...
F5 FirePass SSL VPN information leakage
CitrixAuth.php local file inclusion...
CreateSupportZipAction directory traversal
There’s a directory traversal vulnerability in the CreateSupportZipAction action that allows a malicious user to include arbitrary log files into a support zip. This is because the SupportUtility object is marked as @ParameterSafe, and no validation is performed on its serverLogsDirectory path...