ZYCHCMS V03 '/include/page.asp' file has an arbitrary directory traversal vulnerability

ZYCHCMS is an enterprise website management system. An arbitrary directory traversal vulnerability exists in the ZYCHCMS V03 '/include/page.asp' file. This allows an attacker to traverse directories and view sensitive directory and file information...

ATutor SQL Injection Vulnerability

ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. An SQL injection vulnerability exists in the include/lib/mysqlconnect.inc.php file in ATutor version 2.2....

ZYCHCMS V04 Arbitrary File Write Vulnerability in /include/page.asp File

ZYCHCMS is an enterprise website management system. An arbitrary file write vulnerability exists in the ZYCHCMS V04 /include/page.asp file. The vulnerability allows attackers to write scripts to arbitrary files to gain server privileges...

MantisBT 'Timeline include' page cross-site scripting vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the Timeline include page used in the My View myviewpage.php and User...

CVE-2017-7897

A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...

Cross site scripting

A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...

SICUNET Access Controller 0.32-05z Code Execution / File Disclosure Vulnerabilities

Exploit for php platform in category web applications SICUNET Physical Access Controller - Multiple Vulnerabilities ------------------------------------------------------------- Introduction ============ Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The...

SICUNET Access Controller 0.32-05z Code Execution / File Disclosure

SICUNET Physical Access Controller - Multiple Vulnerabilities ------------------------------------------------------------- Introduction ============ Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The vulnerabilities were discovered during a black box security...

Serendipity include/functions_entries.inc.php SQL Injection Vulnerability

Serendipity is a WEB application. Serendipity include/functionsentries.inc.php suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

Sql injection

SQL injection vulnerability in include/functionsentries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter...

DOS vulnerabiltiy in table editing

PMASA-2017-3 Announcement-ID: PMASA-2017-3 Date: 2017-01-24 Summary DOS vulnerabiltiy in table editing Description It was possible to trigger recursive include operation by crafter parameters when editing table data. Severity We consider this to be non critical. Mitigation factor Do not click on...

Chromebackdoor graniet v3.0 web panel Multi Vulnerability

Exploit for php platform in category web applications Exploit Title: botnet graniet chrome backdoor v3.0 web panel multi vulnerability Date: 10-1-2017 Exploit Author: alqnas eslam Vendor Homepage:fb.com/alqnas4 Software Link:https://github.com/graniet/chromebackdoor Tested on:any os 1- cross site...

DEBIAN-CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

Deserialization of untrusted data

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

UBUNTU-CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

Code injection

include/functionsinstaller.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include call in the...

U.S. Dept Of Defense: Server-side include injection vulnerability in a DoD website

A Department of Defense website was vulnerable to a Server-Side Include Injection attack which could have allowed an attacker to inject code into HTML pages or, under some circumstances, perform remote code execution. @jutsuce was as able to demonstrate this vulnerability by crafting a specially...

Remote Code Execution (RCE)

Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Remote Code Execution by letting the attacker under certain conditions control the source folder from which the engine renders include files. You can read more about this vulnerability on th...