CVE-2020-12827
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...
Path traversal
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...
PT-2020-13277
Name of the Vulnerable Software and Affected Versions: MJML versions prior to 4.6.3. Description: The issue is related to a path traversal vulnerability when processing the mj-include directive within an MJML document. Recommendations: For versions prior to 4.6.3, update to version 4.6.3 or later to...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the vulnerable configuration is present. The exploit targets PHP 7+ and works by appending a specially...
Lexiglot Path Traversal Vulnerability
Lexiglot is a translation platform written in PHP by the French software developer Damien Sorel. A path traversal vulnerability exists in Lexiglot 2014-11-20 and earlier versions, which can be exploited by remote attackers to obtain sensitive information full path with the help of...
CVE-2020-13252
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabasestatuspath via a main.get.php request and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page...
Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2020-31757)
Enhancesoft osTicket is an open source ticketing system from the U.S. company Enhancesoft. A cross-site scripting vulnerability exists in the include/class.sla.php file in Enhancesoft osTicket versions prior to 1.14.2. The vulnerability stems from a lack of proper validation of client data in the web application...
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...
Directory traversal
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...
CVE-2020-12479
VULNERABILITY SUMMARY: TeamPass 2.1.27.36 is affected by a PHP file include (directory traversal) vulnerability triggered through crafted HTTP requests to sources/users.queries.php with the newValue parameter. The issue allows any authenticated TeamPass user to cause inclusion of arbitrary files,...
gyges.org Open Redirect vulnerability
Open Bug Bounty ID: OBB-1145820. Security Researcher myNickName (helped patch 200 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting gyges.org website and its users. Following coordinat...
ALPINE-CVE-2019-12521
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elemen...
holz-becker.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1142773. Security Researcher Hchabik (helped patch 2358 vulnerabilities, received 5 Coordinated Disclosure badges, received 2 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting holz-becker.com website and...
Privilege Escalation
The Apache HTTP Server is vulnerable to Privilege Escalation. A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a...
tweaksguide.com Cross Site Scripting vulnerability
Security Researcher geeknik (helped patch 8505 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting tweaksguide.com website and its users. Following coordinat...
The vulnerability of the ColdFusion software platform, related to the names of PHP functions like include or require, allows a hacker to execute arbitrary PHP code on the target system.
The vulnerability of the ColdFusion software platform relates to the names of PHP functions include or require. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code on the target system by sending a specially crafted HTTP request...
FIBARO System Home Center 5.021 - Remote File Include
Exploit Title: FIBARO System Home Center 5.021 - Remote File Include; Date: 2020-03-22; Author: LiquidWorm; Vendor: https://www.fibaro.com; CVE: N/A; Vendor: FIBAR GROUP S.A.; Product web page: https://www.fibaro.com; Affected version: Home Center 3,...