8828 matches found
CVE-2012-4919
The CVE-2012-4919 entry applies to the WordPress Gallery Plugin (Gallery Plugin for WordPress). The vulnerability is a Remote File Inclusion via the load parameter of the update_order.php script, caused by insufficient input validation. This allows an unauthenticated, remote attacker to include a...
CVE-2012-4919
Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability...
openSUSE Security Update : proftpd (openSUSE-2020-31)
This update for proftpd fixes the following issues: - GeoIP has been discontinued by Maxmind (boo#1156210). This update removes module build for geoip, see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating...
Adding Some Salt to Our Network – Part 2
How our configuration management actually works Following a previous post which explained why we needed a configuration management system, this post explores how we built and implemented our configuration management using SaltStack. It describes the structure of our configuration and the toolset ...
Security update for proftpd (moderate)
openSUSE Security Update: Security update for proftpd Announcement ID: openSUSE-SU-2020:0031-1 Rating: moderate References: 1113041 1144056 1154600 1155834 1156210 1157798 1157803 Cross-References: CVE-2017-7418 CVE-2019-12815 CVE-2019-18217 CVE-2019-19269 CVE-2019-19270 Affected Products: openSU...
CVE-2012-2950
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...
Design/Logic Flaw
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...
CVE-2012-2950
CVE-2012-2950 affects Gateway Geomatics MapServer for Windows (MS4W). The vulnerability is a Local File Inclusion in the bundled Apache/PHP configuration that allows remote attackers to view arbitrary files and execute PHP code with SYSTEM privileges. Affected releases are the MS4W packages up to...
Command injection
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filin...
CVE-2019-10765
iobroker.admin before 3.6.12 allows attacker to include file contents from outside the /log/file1/ directory...
tomcat: XSS in SSI printenv
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...
CVE-2019-16951
A remote file include RFI issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amou...
CVE-2019-16951
Enghouse Web Chat 6.2.284.34 is affected by a remote file include (RFI) vulnerability (CVE-2019-16951). The issue allows an attacker to substitute the localhost attribute with an attacker-controlled domain; after a POST, the product calls that domain and may return data that reveals sensitive inf...
visagehall.ru Cross Site Scripting vulnerability
Security Researcher g0bl1nsec, a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting visagehall.ru website and its users. Following coordinate...
CVE-2005-3056
TWiki is affected by CVE-2005-3056 due to an arbitrary shell command execution flaw in the Include function. The vulnerability enables an attacker to execute commands on the server when TWiki processes Include, with network access, no authentication, and no user interaction required in the CVSS a...
CVE-2019-18385
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring...
Directory Traversal
librenms/librenms is vulnerable to directory traversal. The usage of mysql_real_escape_string to sanitize untrusted user supplied data that is subsequently passed to the include function as a file path in csv.php is insecure. An attacker could potentially include arbitrary files on the server using...