COMPIE CMS Leado Local File Include Vulnerability
Exploit Title: COMPIE CMS Leado Local File Include. Google Dork: /index.php?pathAjax=. Date: 3/30/2022. Exploit Author: iranhack Security Team. Vendor Homepage: iranhack.com. Software Link: http://www.compie.co.il/. Version: V.1.0. Tested on: Kali Linux, Windows 10. Local File Include...
Asciidoctor Operating System Command Injection Vulnerability
Asciidoctor is a text processor written in Ruby by the Asciidoctor organization. The product supports converting AsciiDoc content to HTML5, DocBook, and other formats. An operating system command injection vulnerability exists in versions prior to Asciidoctor-include-ext 0.4.0 that could allow an...
Command Injection vulnerability in asciidoctor-include-ext
Impact Applications using Asciidoctor Ruby with asciidoctor-include-ext prior to version 0.4.0, which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when allow-uri-read is disable...
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read
Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Date: 23-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/...
ImpressCMS SQL Injection Vulnerability
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a SQL injection vulnerability that stems from insufficient cleaning of user data passed in the groupps parameter of the...
Luocms Cross-Site Scripting Vulnerability
Luocms is an article management system. A cross-site scripting vulnerability exists in Luocms v2.0, which stems from a lack of data validation filtering of user-supplied data and output in /admin/news/sortadd.php and /inc/function.php. An attacker could use this vulnerability to execute JavaScrip...
CVE-2021-24823
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files...
File Descriptor Leak
Possible sensitive files Vulnerability description: A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Eac...
CVE-2022-22308
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...
Design/Logic Flaw
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...
CVE-2022-22308
IBM Planning Analytics 2.0 (Planning Analytics Workspace 2.0) is affected by a Remote File Include (RFI) issue. Affected component is the web layer where user input can be injected into file include commands, potentially causing the application to include remote files with malicious code. Public ...
CVE-2021-45357
CVE-2021-45357 describes a cross-site scripting (XSS) vulnerability in Piwigo 12.x exploitable via the pwg_activity function in include/functions.inc.php. Public records in the connected sources confirm the vulnerable component and location, with related OpenVAS entry noting “Piwigo
CVE-2022-0320
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before using them in include statements, which could allow unauthenticated attackers to perform a Local File Inclusion attack and read arbitrary files on the server; this could also lead ...
CVE-2022-23602 Nim's rst parser sandboxed mode allows include which can embed any local file
Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum'...
The vulnerability in the built-in software of NETGEAR Wi-Fi routers such as D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS50Y, and WNR2020 stems from incorrect code generation. This allows attackers to execute attacks on the server side using Server Side Include Injection (SSI).
The vulnerability of the built-in Wi-Fi router software of NETGEAR models D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS50Y, and WNR2020 is related to...
The vulnerability of NETGEAR’s Wi-Fi routers, namely RBK40, RBR40, and RBS40, stems from improper handling of the cryptographic generation process. This allows attackers to execute a Server Side Include Injection (SSI) attack.
The vulnerability of the built-in Wi-Fi router software from NETGEAR, namely RBK40, RBR40, and RBS40, is related to incorrect code generation. Exploiting this vulnerability could allow an attacker to perform a Server Side Include Injection attack...
Land Software Faust Iserver Path Traversal Vulnerability
Land Software Faust Iserver is used by Land Software Germany to bring Faust, Faust Entry and Lidos databases to the Intranet and Internet. A path traversal vulnerability exists in Land Software FAUST iServer versions 9.0.017.017.1 - 9.0.018.018.4, which stems from a lack of local include...
The vulnerability in the built-in software of NETGEAR Wi-Fi routers such as D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, and RBS50Y stems from incorrect code generation. This allows attackers to execute attacks on the server side using Server Side Include Injection (SSI).
The vulnerability of the built-in Wi-Fi router software from NETGEAR, including models D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, and RBS50Y, is relat...