23 matches found

RedHat Linux
added 2026/06/04 4:15 p.m. | 6 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

CVSS 8.8 | AI score 6.1 | EPSS 0.00083
Exploits 1 | References 5
Veracode
added 2025/06/30 7:8 a.m. | 4 views

SQL Injection

apache-airflow-providers-snowflake is vulnerable to SQL Injection. The vulnerability is due to failure to sanitize special elements due to improper sanitation of table and stage parameters in the CopyFromExternalStageToSnowflakeOperator component...

CVSS 9.8 | AI score 6.7 | EPSS 0.00488
Exploits 0 | References 6 | Affected Software 1
RedhatCVE
added 2025/05/22 6:40 p.m. | 14 views

CVE-2021-37353

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in tablepopulation.php...

CVSS 9.8 | AI score 7 | EPSS 0.02365
Exploits 0 | References 1
NVD
added 2023/02/03 6:15 p.m. | 17 views

CVE-2021-37315

Incorrect Access Control issue discovered in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations...

CVSS 9.1 | AI score 9.3 | EPSS 0.01039
Exploits 1 | References 1
NVD
added 2023/02/03 6:15 p.m. | 10 views

CVE-2021-37317

Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations...

CVSS 9.1 | AI score 9.3 | EPSS 0.02728
Exploits 1 | References 1
Prion
added 2023/02/03 6:15 p.m. | 22 views

Directory traversal

Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations...

CVSS 6.4 | AI score 9.2 | EPSS 0.02728
Exploits 1 | References 1 | Affected Software 1
OSV
added 2022/12/28 12:30 a.m. | 26 views

GHSA-VP56-R7QV-783V ahh vulnerable to Path Traversal

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

CVSS 7.5 | AI score 7.3 | EPSS 0.0201
Exploits 0 | References 6
Huntr
added 2022/08/06 3:31 p.m. | 16 views

Unauthenticated Path Traversal

Description An unauthenticated user can read and download files of the application system by abusing the filename parameter, of the /api/image/cover-upload endpoint, that is not properly sanitized. Proof of Concept 1 - Send the following request, where the filename has the relative path of the targ...

AI score 1.7
Exploits 0
NVD
added 2021/08/13 12:15 p.m. | 19 views

CVE-2021-37353

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in tablepopulation.php...

CVSS 9.8 | EPSS 0.02365
Exploits 0 | References 1
Prion
added 2019/11/26 12:15 a.m. | 10 views

Sql injection

The TYPO3 Core wecdiscussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input...

CVSS 7.5 | AI score 8.3 | EPSS 0.00396
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2019/11/25 11:31 p.m. | 10 views

CVE-2011-3584

The TYPO3 Core wecdiscussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input...

AI score 9.9 | EPSS 0.00396
Exploits 0 | References 3
Check Point Advisories
added 2019/08/28 12:0 a.m. | 8 views

Adobe ColdFusion CKEditor Directory Traversal (CVE-2018-15960)

A directory traversal vulnerability exists in Adobe ColdFusion CKEditor component. The vulnerability is due to improper sanitation of paths before writing files. Successful exploitation of this vulnerability could allow an attacker to write files to arbitrary locations on the target system...

CVSS 6.4 | AI score 4.5 | EPSS 0.06484
Exploits 0
Hacker One
added 2019/01/22 1:21 p.m. | 65 views

DuckDuckGo: XXE on https://duckduckgo.com

An XML External Entity (XXE) injection vulnerability was discovered in the x.js endpoint on https://duckduckgo.com via u parameter. This was due to improper sanitation of external XML entities. The result was a leak of certain world readable files on the system. This issue was patched. Additionall...

AI score 0.8
Exploits 0
Tenable Nessus
added 2015/11/03 12:0 a.m. | 25 views

GLSA-201511-01 : MirBSD Korn Shell: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201511-01 MirBSD Korn Shell: Arbitrary code execution Improper sanitation of environment import allows for appending of values to passed parameters. Impact : An attacker who already had access to the environment could so append...

AI score 5.7
Exploits 0 | References 2
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

PHP Volunteer Management System 1.0.2 - Multiple SQL Injection Vulnerabilities

No description provided by source. Title: PHP Volunteer Management System v 1.0.2 multiple SQLi Vulnerabilities Version: 1.0.2 Author/Found by: loneferret Software Site: https://sourceforge.net/projects/phpvolunteer/ Other vulnerabilities: http://www.exploit-db.com/exploits/18941/ Date found: May...

AI score 7.1
Exploits 0
OpenVAS
added 2014/04/17 12:0 a.m. | 17 views

Vtiger CRM < 6.0 Multiple XSS Vulnerabilities

Vtiger CRM is prone to multiple XSS vulnerabilities SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vtiger:vtigercrm";...

CVSS 4.3 | AI score 5.8 | EPSS 0.00407
Exploits 0 | References 4
Exploit DB
added 2014/02/02 12:0 a.m. | 133 views

Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write (2)

/ Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to a kernel address as timeout for recvmmsg, if the...

CVSS 6.9 | AI score 6.8 | EPSS 0.51521
Exploits 16
Tenable Nessus
added 2013/09/26 12:0 a.m. | 37 views

Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)

Updated glpi package fixes security vulnerabilities : Multiple security vulnerabilities due to improper sanitation of user input in GLPI before versions 0.83.9 CVE-2013-2226, 0.83.91 CVE-2013-2225, and 0.84.2 CVE-2013-5696. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2,...

CVSS 7.5 | AI score 7.2 | EPSS 0.63954
Exploits 15 | References 4
OpenVAS
added 2013/07/02 12:0 a.m. | 20 views

PCMan's FTP Server Multiple Vulnerabilities

PCMan SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.803825";...

CVSS 10 | AI score 6.5 | EPSS 0.74482
Exploits 7 | References 5
OpenVAS
added 2013/05/14 12:0 a.m. | 25 views

WHMCS <= 4.5.2 SQLi Vulnerability

WHMCS is prone to an SQL injection SQLi vulnerability. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you ca...

AI score 8.3
Exploits 0 | References 2