FIBARO System Home Center 5.021 - Remote File Include Vulnerability
Exploit for multiple platform in category web applications Exploit Title: FIBARO System Home Center 5.021 - Remote File Include Author: LiquidWorm Vendor: https://www.fibaro.com CVE: N/A Vendor: FIBAR GROUP S.A. Product web page: https://www.fibaro.com Affected version: Home Center 3, Home Center...
tomcat: XSS in SSI printenv
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...
Chadha PHPKB CSV Injection Vulnerability
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A CSV injection vulnerability exists in admin/include/operations.php in Chadha PHPKB Standard Multi-Language 9. An attacker can...
Horde Groupware Webmail Edition 5.2.22 PHAR Loading
exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode = sys.argv5 source =...
SQL injection
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter...
Exploit for CVE-2020-1938
CVE-2020-1938 Tomcat-fileinclude and filered Exploita...
Exploit for CVE-2020-1938
CVE-2020-1938 Suricata detection rules suricata CNVD-2020-10487...
CVE-2013-2057
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability...
Security feature bypass
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability...
CVE-2013-2057
YaBB through 2.5.2 is affected by a Local File Include vulnerability caused by the 'guestlanguage' cookie parameter, enabling inclusion of local files due to improper handling of the cookie value. Affected product/component: YaBB (web forum) up to version 2.5.2. Root cause: unsanitized cookie par...
CVE-2013-2678
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter...
CVE-2013-2678
CVE-2013-2678 affects Cisco Linksys E4200 devices running firmware 1.0.05 Build 7. The Local File Include vulnerability in the apply.cgi script (submit_type parameter) could allow remote attackers to obtain sensitive information or execute arbitrary code. Public references describe XSS/LFI vector...
CVE-2013-3212
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...
Code injection
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...
CVE-2013-3212
CVE-2013-3212 affects vtiger CRM <= 5.4.0. Affected component: SOAP-based customerportal.php with two Local File Inclusion vulnerabilities in get_list_values and get_project_components. Root cause: input in the module parameter is not properly validated, leading to require_once of untrusted lo...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1671)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-4919
Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability...