
8834 matches found

OSV
added 2023/11/22 7:15 a.m. · 18 views

CVE-2023-47016

radare2 5.8.9 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian.h...

CVSS 7.5 · AI score 6.8
Exploits 0 · References 3

Cvelist
added 2023/11/22 12:0 a.m. · 30 views

CVE-2023-47016

radare2 5.8.9 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian.h...

AI score 7.6 · EPSS 0.01198
Exploits 1 · References 3

Debian CVE
added 2023/11/22 12:0 a.m. · 24 views

CVE-2023-47016

radare2 5.8.9 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian.h...

CVSS 7.5 · AI score 6 · EPSS 0.01198
Exploits 1

ATTACKERKB
added 2023/11/20 7:15 p.m. · 3 views

CVE-2023-38882

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'...

CVSS 6.1 · AI score 6 · EPSS 0.00631
Exploits 0 · References 4

Cvelist
added 2023/11/16 9:7 p.m. · 34 views

CVE-2023-6020 Ray Static File Local File Include

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication...

CVSS 7.5 · AI score 8.6 · EPSS 0.14652
Exploits 3 · References 1

OSV
added 2023/11/16 5:15 p.m. · 2 views

CVE-2023-6013

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1

NVD
added 2023/11/16 5:15 p.m. · 16 views

CVE-2023-6013

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack...

CVSS 9.3 · EPSS 0.00749
Exploits 1 · References 1

Prion
added 2023/11/16 5:15 p.m. · 17 views

Cross site scripting

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack...

CVSS 6.4 · AI score 6 · EPSS 0.00749
Exploits 1 · References 1

Vulnrichment
added 2023/11/16 4:11 p.m. · 20 views

CVE-2023-6021 Ray Log File Local File Include

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

CVSS 7.5 · AI score 6.8 · EPSS 0.81512
Exploits 11 · References 1

Vulnrichment
added 2023/11/16 4:7 p.m. · 10 views

CVE-2023-6013 H2O Local File Include

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack...

CVSS 9.3 · AI score 6 · EPSS 0.00749
Exploits 1 · References 1

Cvelist
added 2023/11/16 4:7 p.m. · 26 views

CVE-2023-6013 H2O Local File Include

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack...

CVSS 9.3 · AI score 5.4 · EPSS 0.00749
Exploits 1 · References 1

CVE
added 2023/11/16 4:7 p.m. · 50 views

CVE-2023-6013

CVE-2023-6013 affects H2O with a stored XSS vulnerability that can lead to a Local File Include attack. Affected component is H2O’s web layer handling inputs, with the underlying issue described as stored XSS in multiple feeds and pages. Impact stated in sources includes potential exposure of loc...

CVSS 9.3 · AI score 7 · EPSS 0.00749
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/11/16 4:3 p.m. · 13 views

CVE-2023-6023 ModelDB Local File Include

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifactpath URL parameter...

CVSS 8.6 · AI score 7.6 · EPSS 0.02999
Exploits 1 · References 1

GitLab Advisory Database
added 2023/11/16 12:0 a.m. · 21 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack...

CVSS 9.3 · AI score 5.6 · EPSS 0.00749
Exploits 1 · References 2

Positive Technologies
added 2023/11/16 12:0 a.m. · 4 views

PT-2023-32476 · H2O · H2O

Name of the Vulnerable Software and Affected Versions: H2O affected versions not specified Description: The issue is related to a stored XSS vulnerability that can lead to a Local File Include attack. This allows an attacker to potentially execute malicious scripts or access sensitive files on th...

CVSS 9.3 · AI score 8.8 · EPSS 0.00749
Exploits 1 · References 3

ATTACKERKB
added 2023/11/09 8:15 p.m. · 2 views

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

CVSS 9.8 · AI score 6 · EPSS 0.0137
Exploits 0 · References 4

OSV
added 2023/11/09 8:15 p.m. · 22 views

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

CVSS 9.8 · AI score 9.5
Exploits 0 · References 3

Cvelist
added 2023/11/09 7:38 p.m. · 31 views

CVE-2023-5550 Moodle: rce due to lfi risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

CVSS 6.5 · AI score 9.7 · EPSS 0.0137
Exploits 0 · References 3

Positive Technologies
added 2023/11/09 12:0 a.m. · 2 views

PT-2023-6939 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to a misconfigured shared hosting environment, allowing access to other users' content. A Moodle user with direct access to the web server outside of the Moodle webroot...

CVSS 10 · AI score 6.9 · EPSS 0.0137
Exploits 0 · References 19

Positive Technologies
added 2023/10/27 12:0 a.m. · 5 views

PT-2023-32349 · WordPress · The News & Blog Designer Pack

Name of the Vulnerable Software and Affected Versions: The News & Blog Designer Pack – WordPress Blog Plugin versions up to, and including, 3.4.1 Description: The issue is related to Remote Code Execution via Local File Inclusion. This is due to the bdp get more post function utilizing an unsafe...

CVSS 9.8 · AI score 9.9 · EPSS 0.04262
Exploits 0 · References 11