Lucene search

8828 matches found

Positive Technologies · added 2023/02/03 12:00 a.m. · 6 views

PT-2023-12269 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.25. Description: The issue allows remote attackers to run arbitrary code via a crafted file upload to the "include/inc_lib/general.inc.php" endpoint. Recommendations: For phpwcms version 1.9.25, update to a newer version th...

CVSS 8.8 · AI score 8.7 · EPSS 0.00687 · Exploits 1 · References 4
Snyk · added 2023/02/02 1:23 p.m. · 2 views

Arbitrary File Read

Overview: swig-templates is a simple, powerful, and extendable templating engine for node.js and browsers, similar to Django, Jinja2, and Twig. Affected versions of this package are vulnerable to Arbitrary File Read via the renderFile method. PoC: 1.html: {% extends '../../../../../etc/passwd...

CVSS 7.5 · AI score 7 · EPSS 0.00433 · Exploits 1 · References 2
RedHat Linux · added 2023/01/31 1:18 p.m. · 3 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103 · Exploits 5 · References 5
RedHat Linux · added 2023/01/31 1:15 p.m. · 3 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103 · Exploits 5 · References 5
RedHat Linux · added 2023/01/31 1:12 p.m. · 2 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103 · Exploits 5 · References 5
RedHat Linux · added 2023/01/30 5:12 p.m. · 2 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103 · Exploits 5 · References 5
RedHat Linux · added 2023/01/26 9:55 p.m. · 2 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103 · Exploits 5 · References 5
CNNVD · added 2023/01/26 12:00 a.m. · 3 views

bloofoxCMS security vulnerability

bloofoxCMS is a PHP-based text content management system by the individual developer of bloofoxCMS. A security vulnerability exists in bloofoxCMS version v0.5.2.1: an arbitrary file deletion vulnerability via the component /include/inccontentmedia.ph...

CVSS 6.5 · AI score 6.6 · EPSS 0.0034 · Exploits 1 · References 2
OSV · added 2023/01/20 8:03 p.m. · 12 views

CVE-2023-23607 Unrestricted file upload leads to Remote Code Execution in erohtar/Dasherr

erohtar/Dasherr is a dashboard for self-hosted services. In affected versions, unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows any file to be uploaded anywhere. If an attacker uploads a php file they ca...

CVSS 9.8 · AI score 9.5 · EPSS 0.0439 · Exploits 1 · References 5
RedHat Linux · added 2023/01/12 8:50 p.m. · 4 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103 · Exploits 5 · References 5
CNNVD · added 2023/01/05 12:00 a.m. · 2 views

eXtplorer path traversal vulnerability

eXtplorer is a PHP-based file manager. A path traversal vulnerability exists in versions prior to eXtplorer 2.1.13; it stems from a flaw in an unspecified part of the include/archive.php file in the Archive Handler component that can lead to path traversal...

CVSS 9.8 · AI score 6.3 · EPSS 0.00524 · Exploits 0 · References 5
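The swig-templates entry above (a template name such as `../../../../../etc/passwd` reaching renderFile through `{% extends %}`) and the eXtplorer archive-handler entry are both path traversal: a user-controlled relative name is joined to a base directory without checking that the result stays inside it. As an added example, editor's Python rather than code from either project, the check below rejects absolute paths and `..` segments syntactically and then confirms, after symlink resolution, that the final path is still under the root; the root layout and the symlink in the demo are constructed.

```python
"""Contain a user-controlled relative path (a template name passed to
renderFile/extends, or an archive entry name) inside a fixed root.
Added example, not swig-templates or eXtplorer code; root layout is constructed."""
import os
import tempfile
from pathlib import Path, PurePosixPath


def safe_join(root: str, user_path: str) -> Path:
    """Return root/user_path if, after normalisation and symlink resolution,
    it still lies strictly under root; raise ValueError otherwise."""
    root_path = Path(root).resolve()
    rel = PurePosixPath(user_path.replace("\\", "/"))
    # syntactic checks: no absolute path, no '..' segment, not empty
    if rel.is_absolute() or not rel.parts or ".." in rel.parts:
        raise ValueError(f"traversal: {user_path!r}")
    # semantic check: resolve() follows symlinks, so a link that points
    # outside the root is caught even though its name looks harmless
    candidate = (root_path / rel).resolve()
    if root_path not in candidate.parents:
        raise ValueError(f"escapes root: {user_path!r}")
    return candidate


def demo_root() -> str:
    """Constructed root: layouts/base.html plus a symlink 'up' that points
    outside the root (skipped on hosts that cannot create symlinks)."""
    root = tempfile.mkdtemp(prefix="tpl_root_")
    os.makedirs(os.path.join(root, "layouts"))
    Path(root, "layouts", "base.html").write_text("<html>base</html>")
    try:
        os.symlink(os.path.dirname(root), os.path.join(root, "up"))
    except OSError:
        pass
    return root


def classify(root: str, names) -> dict:
    """Map each candidate name to 'ok' or the rejection category."""
    out = {}
    for n in names:
        try:
            safe_join(root, n)
            out[n] = "ok"
        except ValueError as exc:
            out[n] = str(exc).split(":")[0]
    return out


def run_demo() -> dict:
    root = demo_root()
    names = ["layouts/base.html", "../../../../../etc/passwd", "/etc/passwd",
             "layouts/../../x", "layouts/../base.html", "..\\..\\etc\\passwd"]
    if os.path.islink(os.path.join(root, "up")):
        names.append("up/secret")
    return classify(root, names)


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name!r:35} -> {result}")
```

The syntactic rule is deliberately stricter than necessary: `layouts/../base.html` would resolve inside the root, but template and archive names have no legitimate need for `..`, and rejecting it outright removes a whole class of normalisation bugs. The `resolve()` check is what catches the case the syntactic rule cannot see, a symlink inside the root pointing elsewhere.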
OSV · added 2022/12/22 6:15 p.m. · 2 views

CVE-2022-46101

AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code...

CVSS 8.8 · AI score 5.9 · EPSS 0.0115 · Exploits 1 · References 1
OSV · added 2022/12/20 2:15 p.m. · 1 view

CVE-2022-45942

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4...

CVSS 8.8 · AI score 5.8 · EPSS 0.03908 · Exploits 1 · References 2
CNNVD · added 2022/12/20 12:00 a.m. · 5 views

baijiacms OS command injection vulnerability

baijiacms is a content management system (CMS) for e-commerce. A security vulnerability exists in baijiacms, stemming from a Remote Code Execution (RCE) vulnerability in includes/baijiacms/common.inc.php. No details of the vulnerability are available at this time...

CVSS 8.8 · AI score 7.3 · EPSS 0.03908 · Exploits 1 · References 3
OSV · added 2022/12/13 6:30 p.m. · 2 views

GHSA-X3X3-QWJQ-8GJ4 Apache CXF Server-Side Request Forgery vulnerability

An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

CVSS 9.8 · AI score 6.6 · EPSS 0.00103 · Exploits 5 · References 2
Positive Technologies · added 2022/12/13 12:00 a.m. · 1 view

PT-2022-27840

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 3.5.5; Apache CXF versions prior to 3.4.10. Description: A Server-Side Request Forgery (SSRF) issue exists in the parsing of the href attribute of XOP:Include in MTOM requests. This allows an attacker to perform SSRF...

CVSS 9.8 · AI score 6.6 · EPSS 0.00103 · Exploits 5 · References 6
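The Apache CXF entries above (Red Hat, GHSA-X3X3-QWJQ-8GJ4 and PT-2022-27840) all describe one primitive: an `xop:Include` whose `href` is something other than a `cid:` reference to a part of the same MTOM message, which a CXF release before 3.5.5 / 3.4.10 would resolve on the attacker's behalf. As an added example, editor's Python rather than CXF code, the check below parses a `multipart/related` request with the standard library and flags every such `href`, so it can run in a gateway or in a regression test while the upgrade is rolled out. The SOAP body, MIME boundary and Content-IDs in the sample are constructed.

```python
"""Flag xop:Include hrefs in an MTOM request that do not point at an
attachment part of the same multipart/related message.  Added example, not
Apache CXF code; the SOAP body, boundary and Content-IDs are constructed."""
import email
from email import policy
from urllib.parse import unquote
import xml.etree.ElementTree as ET

XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"
BOUNDARY = "MIMEBoundary_example"  # constructed


def build_mtom(href: str, attachment_cid: str = "att1@example.invalid") -> bytes:
    """Constructed sample: one SOAP root part whose body holds a single
    xop:Include with the given href, plus one binary attachment part."""
    soap = (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body><ns:upload xmlns:ns="urn:example"><data>'
        f'<xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="{href}"/>'
        "</data></ns:upload></soap:Body></soap:Envelope>"
    )
    lines = [
        "MIME-Version: 1.0",
        'Content-Type: multipart/related; type="application/xop+xml"; '
        f'boundary="{BOUNDARY}"; start="<root@example.invalid>"; start-info="text/xml"',
        "",
        f"--{BOUNDARY}",
        'Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"',
        "Content-Transfer-Encoding: binary",
        "Content-ID: <root@example.invalid>",
        "",
        soap,
        f"--{BOUNDARY}",
        "Content-Type: application/octet-stream",
        "Content-Transfer-Encoding: binary",
        f"Content-ID: <{attachment_cid}>",
        "",
        "hello",
        f"--{BOUNDARY}--",
        "",
    ]
    return "\r\n".join(lines).encode()


def suspicious_xop_hrefs(mtom: bytes) -> list:
    """Return (href, reason) pairs for hrefs that are not cid: references to
    a Content-ID carried by an attachment part of this same message."""
    msg = email.message_from_bytes(mtom, policy=policy.default)
    if not msg.is_multipart():
        raise ValueError("not a multipart/related (MTOM) message")
    parts = list(msg.iter_parts())
    root = parts[0]  # MTOM: the first part is the XOP-encoded SOAP envelope
    content_ids = {
        str(p["Content-ID"]).strip().strip("<>") for p in parts[1:] if p["Content-ID"]
    }
    envelope = ET.fromstring(root.get_payload(decode=True))
    findings = []
    for inc in envelope.iter(XOP_INCLUDE):
        href = inc.get("href", "")
        if not href.lower().startswith("cid:"):
            findings.append((href, "not a cid: reference; would be resolved as a URL"))
        elif unquote(href[4:]) not in content_ids:
            findings.append((href, "cid: matches no attachment in this message"))
    return findings


if __name__ == "__main__":
    for href in ("cid:att1@example.invalid",
                 "http://169.254.169.254/latest/meta-data/",
                 "cid:missing@example.invalid"):
        print(href, "->", suspicious_xop_hrefs(build_mtom(href)))
```

The second branch matters as well as the first: a `cid:` that names no part is not an SSRF by itself, but it is the shape a fuzzer produces and a server should reject it rather than fall back to any other resolution strategy. Percent-encoded Content-IDs are unquoted before comparison, since that is how they commonly appear on the wire.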
RedHat Linux · added 2022/11/08 9:50 a.m. · 4 views

libxml2: Incorrect server side include parsing can lead to XSS

A cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...

CVSS 6.1 · AI score 7.1 · EPSS 0.00174 · Exploits 1 · References 4
OSV · added 2022/11/08 6:26 a.m. · 25 views

RLSA-2022:7715 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

CVSS 6.1 · AI score 7 · EPSS 0.00174 · Exploits 1 · References 2
Veracode · added 2022/11/04 7:19 a.m. · 41 views

Authorization Bypass

Spring Security Web is vulnerable to Authorization Bypass. The vulnerability exists in AuthorizationFilter because it incorrectly extends OncePerRequestFilter, which allows an attacker to bypass authorization rules via the FORWARD or INCLUDE dispatcher types...

CVSS 9.8 · AI score 8.8 · EPSS 0.07387 · Exploits 3 · References 12 · Affected software 2
BDU FSTEC · added 2022/11/02 12:00 a.m. · 1 view

Vulnerability in the `include/chart_generator.php` script of the Pandora Console component of the Pandora FMS monitoring and management system for IT environments, allowing attackers to bypass security restrictions and execute arbitrary SQL code.

The vulnerability in the include/chart_generator.php implementation of the Pandora Console component in the Pandora FMS monitoring and management system is related to the lack of measures taken to protect the SQL query structure during the processing of the session_id parameter. Exploiting this...

CVSS 10 · AI score 8.2 · EPSS 0.61874 · Exploits 2 · References 8 · Affected software 1
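The BDU entry above names the defect precisely: nothing protects the "SQL query structure" while the `session_id` parameter is processed, i.e. the value is spliced into the query text. As an added example, editor's Python against an in-memory SQLite database rather than Pandora FMS code, the block below places the interpolated lookup beside the parameterised one and runs the same two constructed payloads through both: one that makes the WHERE clause always true and one that pivots to a second table. The table names and rows are constructed stand-ins, not the product's schema.

```python
"""Vulnerable vs. parameterised session lookup, modelled on the Pandora FMS
chart_generator.php entry above (session_id parameter).  Added example with
an in-memory SQLite schema that is constructed here, not Pandora FMS code."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed tables standing in for a PHP session store and a user table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tsessions_php (id_session TEXT PRIMARY KEY, data TEXT)")
    con.execute("CREATE TABLE tusuario (id_user TEXT PRIMARY KEY, password TEXT)")
    con.execute("INSERT INTO tsessions_php VALUES ('a1b2c3', 'id_usuario|s:5:\"admin\";')")
    con.execute("INSERT INTO tusuario VALUES ('admin', '$2y$10$examplehash')")
    return con


def lookup_vulnerable(con: sqlite3.Connection, session_id: str) -> list:
    """String interpolation: the session_id value becomes query *structure*,
    so quotes, OR and UNION in it are parsed as SQL."""
    sql = f"SELECT data FROM tsessions_php WHERE id_session = '{session_id}'"
    return con.execute(sql).fetchall()


def lookup_safe(con: sqlite3.Connection, session_id: str) -> list:
    """Bound parameter: the value is only ever compared, never parsed as SQL."""
    return con.execute(
        "SELECT data FROM tsessions_php WHERE id_session = ?", (session_id,)
    ).fetchall()


# constructed payloads
BYPASS = "' OR 1=1 --"                            # any session row, no id known
DUMP = "' UNION SELECT password FROM tusuario --"  # read a different table


def compare(session_id: str) -> dict:
    """Rows each variant returns for the same input."""
    return {
        "vulnerable": lookup_vulnerable(make_db(), session_id),
        "safe": lookup_safe(make_db(), session_id),
    }


if __name__ == "__main__":
    for sid in ("a1b2c3", BYPASS, DUMP):
        print(repr(sid), "->", compare(sid))
```

Note that the safe variant returns nothing for both payloads rather than raising: the quote and the `--` are just characters in a string compared against `id_session`. That is the property to test for in a regression suite, since a lookup that still "works" with the payload is the one that is vulnerable.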