PT-2024-10556 · Varnish +1 · Varnish +1
Name of the Vulnerable Software and Affected Versions: Symfony HttpKernel component versions 2.2.X through 2.5.X Description: This issue affects applications with the ESI feature enabled and a proxy in front of the web application. The FragmentHandler considers requests to render fragments as...
PT-2024-21120 · Open Library Foundation · Vufind
Name of the Vulnerable Software and Affected Versions: Open Library Foundation VuFind versions 2.0 through 9.1 before 9.1.1 Description: A Server-Side Request Forgery SSRF vulnerability in the "/Upgrade/FixConfig" route allows a remote attacker to overwrite local configuration files to gain acces...
CVE-2023-52843 llc: verify mac len before reading mac header
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header. LLC reads the mac header with ethhdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len and...
SUSE CVE-2024-35857
In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe(). First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL: if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list). Second problem is a read from...
Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:moodle:moodle"; if(description)...
The vulnerability of the link.php script in the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the link.php script in the Cacti network monitoring software is related to improper handling of file names for PHP functions like include or require. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
PT-2024-25213 · Taocms · Taocms
Name of the Vulnerable Software and Affected Versions: TaoCMS version 3.0.2 Description: A Directory Traversal issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. Recommendations: For TaoCMS version 3.0.2, consider...
TaoCMS Security Vulnerability
TaoCMS is a Chinese micro CMS Content Management System. A security vulnerability exists in TaoCMS version v.3.0.2. A remote attacker can exploit this vulnerability to execute arbitrary code and obtain sensitive information via the include/model/file.php component...
CVE-2024-3784
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through S3 Accounts /admin/CloudAccounts. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
PT-2024-27806 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes SSI through the License endpoint /admin/CDPUsers, which could allow a remote user to execute arbitrary code. Recommendations: For...
PT-2024-3331 · D Link · D-Link Dir-845L
Name of the Vulnerable Software and Affected Versions: D-LINK DIR-845L versions =v1.01KRb03 Description: The issue is related to insufficient protection of internal data when handling the file parameter, potentially allowing a remote attacker to gain unauthorized access to protected information...
CVE-2024-30872
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php...
RaspAP Code Injection Vulnerability
RaspAP is application software for simple wireless AP setup and management of Debian-based devices. RaspAP raspap-webgui version 3.0.9 suffers from a code injection vulnerability that stems from the parameter country in the file include/provider.php that can lead to code injection...
Piwigo Security Breach
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo versions prior to 14.3.0, which stems from a cross-site scripting vulnerability due to a lac...
F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation. A security vulnerability exists in the F5 BIG-IP that originates from a traffic management microkernel TMM termination...
Gradio Path Traversal vulnerability
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...
PYSEC-2024-261
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...
CVE-2024-0964
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...
Cross site request forgery (csrf)
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...