8828 matches found

OSV
added 2022/02/28 9:15 a.m. | 1 view

CVE-2021-24823

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files...

CVSS 8.1 | AI score 5.9 | EPSS 0.00165
Exploits 2 | References 2
Huntr
added 2022/02/27 3:46 p.m. | 8 views

File Descriptor Leak

Possible sensitive files Vulnerability description: A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Eac...

AI score 6.8
Exploits 0 | References 2
OSV
added 2022/02/21 6:15 p.m. | 2 views

CVE-2022-22308

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include RFI attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

CVSS 7.8 | AI score 7.1 | EPSS 0.00165
Exploits 0 | References 2
NVD
added 2022/02/21 6:15 p.m. | 11 views

CVE-2022-22308

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include RFI attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

CVSS 7.8 | EPSS 0.00165
Exploits 0 | References 2
Prion
added 2022/02/21 6:15 p.m. | 20 views

Design/Logic Flaw

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include RFI attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

CVSS 6.8 | AI score 8.1 | EPSS 0.00165
Exploits 0 | References 2 | Affected software 1
CVE
added 2022/02/21 6:10 p.m. | 106 views

CVE-2022-22308

IBM Planning Analytics 2.0 (Planning Analytics Workspace 2.0) is affected by a Remote File Include (RFI) issue. Affected component is the web layer where user input can be injected into file include commands, potentially causing the application to include remote files with malicious code. Public ...

CVSS 7.8 | AI score 7.7 | EPSS 0.00165
Exploits 0 | References 2 | Affected software 1
Cvelist
added 2022/02/21 6:10 p.m. | 15 views

CVE-2022-22308

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include RFI attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

CVSS 7.1 | AI score 7.6 | EPSS 0.00165
Exploits 0 | References 2
CVE
added 2022/02/10 5:38 p.m. | 61 views

CVE-2021-45357

CVE-2021-45357 describes a cross-site scripting (XSS) vulnerability in Piwigo 12.x exploitable via the pwg_activity function in include/functions.inc.php. Public records in the connected sources confirm the vulnerable component and location, with related OpenVAS entry noting “Piwigo

CVSS 6.1 | AI score 5.9 | EPSS 0.00321
Exploits 1 | References 1 | Affected software 1
OSV
added 2022/02/01 1:15 p.m. | 2 views

CVE-2022-0320

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before using them in include statements, which could allow unauthenticated attackers to perform a Local File Inclusion attack and read arbitrary files on the server; this could also lead ...

CVSS 9.8 | AI score 5.9 | EPSS 0.04513
Exploits 1 | References 1
Cvelist
added 2022/02/01 10:56 a.m. | 20 views

CVE-2022-23602 Nim's rst parser sandboxed mode allows include which can embed any local file

Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum'...

CVSS 7.7 | AI score 8.1 | EPSS 0.00386
Exploits 1 | References 2
BDU FSTEC
added 2022/01/26 12:00 a.m. | 1 view

The vulnerability in the built-in software of NETGEAR Wi-Fi routers such as D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS50Y, and WNR2020 stems from incorrect code generation. This allows attackers to execute attacks on the server side using Server Side Include Injection (SSI).

The vulnerability of the built-in Wi-Fi router software of NETGEAR models D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS50Y, and WNR2020 is related to...

CVSS 7.1 | AI score 7.3 | EPSS 0.00115
Exploits 0 | References 3 | Affected software 28
BDU FSTEC
added 2022/01/25 12:00 a.m. | 1 view

The vulnerability in the built-in software of NETGEAR Wi-Fi routers such as D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, and RBS50Y stems from incorrect code generation. This allows attackers to execute attacks on the server side using Server Side Include Injection (SSI).

The vulnerability of the built-in Wi-Fi router software from NETGEAR, including models D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, and RBS50Y, is relat...

CVSS 7.1 | AI score 7.3 | EPSS 0.00067
Exploits 0 | References 3 | Affected software 1
BDU FSTEC
added 2022/01/25 12:00 a.m. | 1 view

The vulnerability of NETGEAR’s Wi-Fi routers, namely RBK40, RBR40, and RBS40, stems from improper handling of the cryptographic generation process. This allows attackers to execute a Server Side Include Injection (SSI) attack.

The vulnerability of the built-in Wi-Fi router software from NETGEAR, namely RBK40, RBR40, and RBS40, is related to incorrect code generation. Exploiting this vulnerability could allow an attacker to execute a Server Side Include Injection (SSI) attack...

CVSS 7.1 | AI score 7.4 | EPSS 0.00115
Exploits 0 | References 3 | Affected software 10
BDU FSTEC
added 2022/01/25 12:00 a.m. | 1 view

The vulnerability of NETGEAR’s Wi-Fi routers, namely RBK40, RBR40, and RBS40, stems from improper handling of the cryptographic generation process. This allows attackers to execute a Server Side Include Injection (SSI) attack.

The vulnerability of the built-in Wi-Fi router software from NETGEAR, namely RBK40, RBR40, and RBS40, is related to incorrect code generation. Exploiting this vulnerability could allow an attacker to perform a Server Side Include Injection attack...

CVSS 7.1 | AI score 7.3 | EPSS 0.00067
Exploits 0 | References 3 | Affected software 10
BDU FSTEC
added 2022/01/25 12:00 a.m. | 2 views

The vulnerability of the built-in Wi-Fi router software from NETGEAR, including models D7800, DM200, EX2700, EX6150v2, EX6100v2, EX6200v2, EX6250, EX6410, EX6420, EX6400v2, EX7300, EX6400, EX7320, EX7300v2, R7500v2, R7800, R8900, R9000, RAX120, RBK40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS50Y, WN3000RPv2, WN3000RPv3, WNR2000v5, XR500, and XR700, stems from insufficient neutralisation of special elements in output that is consumed by a downstream component. This allows attackers to execute a Server Side Include Injection (SSI) attack.

The vulnerability of the built-in Wi-Fi router software from NETGEAR, including models D7800, DM200, EX2700, EX6150v2, EX6100v2, EX6200v2, EX6250, EX6410, EX6420, EX6400v2, EX7300, EX6400, EX7320, EX7300v2, R7500v2, R7800, R8900, R9000, RAX120, RBK40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50,...

CVSS 7.1 | AI score 7.8 | EPSS 0.00244
Exploits 0 | References 3 | Affected software 33
CNNVD
added 2022/01/25 12:00 a.m. | 5 views

Land Software Faust Iserver Path Traversal Vulnerability

Land Software Faust Iserver is used by Land Software Germany to bring Faust, Faust Entry and Lidos databases to the Intranet and Internet. A path traversal vulnerability exists in Land Software FAUST iServer versions 9.0.017.017.1 to 9.0.018.018.4, which stems from a lack of local include...

CVSS 7.8 | AI score 7.3 | EPSS 0.82423
Exploits 3 | References 5
Openbugbounty
added 2022/01/06 3:23 p.m. | 13 views

zeitarbeit-jobs-sachsen.de Cross Site Scripting vulnerability OBB-2326152

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
wpexploit
added 2022/01/05 12:00 a.m. | 90 views

WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS

The plugin does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting. Run the below command in...

CVSS 5.4 | AI score 5.4 | EPSS 0.00208
Exploits 2
wpexploit
added 2021/12/20 12:00 a.m. | 91 views

Event Calendar < 1.1.51 - Subscriber+ Event Creation

The plugin does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events. Adding calendar events: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

CVSS 4.3 | AI score 0.8 | EPSS 0.00071
Exploits 2
CNNVD
added 2021/12/17 12:00 a.m. | 2 views

SEMCMS Access Control Error Vulnerability

SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. SEMCMS is vulnerable to an access control error that originates from a vulnerability in /include/webcheck.php, which can be exploited to reset the password of the administrator account...

CVSS 9.8 | AI score 5.6 | EPSS 0.00441
Exploits 1 | References 2