UBUNTU-CVE-2024-34002
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
CVE-2024-34004
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
UBUNTU-CVE-2024-34005
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
CVE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
PT-2024-25631 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web...
PT-2024-10556 · Varnish +1 · Varnish +1
Name of the Vulnerable Software and Affected Versions: Symfony HttpKernel component versions 2.2.X through 2.5.X Description: This issue affects applications with the ESI feature enabled and a proxy in front of the web application. The FragmentHandler considers requests to render fragments as...
PT-2024-40156 · Twig · Twig
Name of the Vulnerable Software and Affected Versions: Twig affected versions not specified Description: The issue allows for path traversal when Twig is used with Twig Loader Filesystem for loading templates and the application uses non-trusted template names. This enables an attacker to access...
PT-2024-21120 · Open Library Foundation · Vufind
Name of the Vulnerable Software and Affected Versions: Open Library Foundation VuFind versions 2.0 through 9.1 before 9.1.1 Description: A Server-Side Request Forgery (SSRF) vulnerability in the "/Upgrade/FixConfig" route allows a remote attacker to overwrite local configuration files to gain acces...
CVE-2023-52843 llc: verify mac len before reading mac header
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header. LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len and...
SUSE CVE-2024-35857
In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe(). First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL: `if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list)`. Second problem is a read from...
Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; if(description)...
The vulnerability of the link.php script in the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the link.php script in the Cacti network monitoring software is related to improper handling of file names for PHP functions like include or require. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
PT-2024-25213 · Taocms · Taocms
Name of the Vulnerable Software and Affected Versions: TaoCMS version 3.0.2 Description: A Directory Traversal issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. Recommendations: For TaoCMS version 3.0.2, consider...
TaoCMS Security Vulnerability
TaoCMS is a Chinese micro CMS (Content Management System). A security vulnerability exists in TaoCMS version v.3.0.2. A remote attacker can exploit this vulnerability to execute arbitrary code and obtain sensitive information via the include/model/file.php component...
CVE-2024-3784
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts /admin/CloudAccounts. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
PT-2024-27806 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes (SSI) through the License endpoint /admin/CDPUsers, which could allow a remote user to execute arbitrary code. Recommendations: For...
PT-2024-3331 · D Link · D-Link Dir-845L
Name of the Vulnerable Software and Affected Versions: D-LINK DIR-845L versions =v1.01KRb03 Description: The issue is related to insufficient protection of internal data when handling the file parameter, potentially allowing a remote attacker to gain unauthorized access to protected information...
CVE-2024-30872
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php...
RaspAP Code Injection Vulnerability
RaspAP is application software for simple wireless AP setup and management of Debian-based devices. RaspAP raspap-webgui version 3.0.9 suffers from a code injection vulnerability that stems from the parameter country in the file include/provider.php that can lead to code injection...
Piwigo Security Breach
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo versions prior to 14.3.0, which stems from a cross-site scripting vulnerability due to a lac...