8834 matches found

CNNVD
added 2021/06/28 12:0 a.m. · 3 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/ajax.search.php...

CVSS 6.1 · AI score 5.3 · EPSS 0.00672
Exploits 0 · References 1

CNNVD
added 2021/06/28 12:0 a.m. · 2 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/class.queue.php...

CVSS 6.1 · AI score 5.3 · EPSS 0.00686
Exploits 0 · References 1

Github Security Blog
added 2021/06/22 3:23 p.m. · 59 views

Command Injection in Centreon

Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabasestatuspath via a main.get.php request and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page...

CVSS 9 · AI score 8.3 · EPSS 0.05415
Exploits 1 · References 6 · Affected Software 1

Cvelist
added 2021/06/21 6:4 p.m. · 16 views

CVE-2020-19510

Textpattern 4.7.3 contains an arbitrary file load via the fileinsert function in include/txpfile.php...

AI score 9.5 · EPSS 0.0146
Exploits 1 · References 1

CNNVD
added 2021/06/21 12:0 a.m. · 3 views

Textpattern Code Issue Vulnerability

Textpattern is a free open source content management system based on PHP and MySQL. Textpattern has an arbitrary file upload vulnerability. An attacker can use the fileinsert function in include/txpfile.php to upload arbitrary files...

CVSS 9.8 · AI score 5.8 · EPSS 0.0146
Exploits 1 · References 1

Patchstack
added 2021/06/21 12:0 a.m. · 20 views

WordPress Include Me plugin <= 1.2.1 - Path traversal and Local File Inclusion (LFI) vulnerability leading to Remote Code Execution (RCE)

Path traversal and Local File Inclusion (LFI) vulnerability leading to Remote Code Execution (RCE) discovered by Mesut Cetin in WordPress Include Me plugin versions <= 1.2.1. Solution: Update the WordPress Include Me plugin to the latest available version (at least 1.2.2)...

CVSS 9 · AI score 4.3 · EPSS 0.04956
Exploits 2 · References 3 · Affected Software 1

PyPA
added 2021/06/17 5:15 p.m. · 5 views

PYSEC-2021-103

Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block...

CVSS 5.4 · AI score 5.8 · EPSS 0.01109
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2021/05/24 6:3 p.m. · 24 views

CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...

AI score 9.2 · EPSS 0.02201
Exploits 1 · References 3

OSV
added 2021/05/07 4:47 p.m. · 1 views

GHSA-QM28-7HQV-WG5J OS Command Injection in ng-packagr

The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option...

CVSS 6.6 · AI score 5.9 · EPSS 0.0239
Exploits 0 · References 4

OpenVAS
added 2021/04/19 12:0 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2018:2162-1)

The remote host is missing an update for the...

CVSS 8.2 · AI score 7.1 · EPSS 0.02255
Exploits 1 · References 10

Prion
added 2021/01/30 5:15 a.m. · 26 views

Code injection

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with, for example, OS commands in the opt parameter...

CVSS 10 · AI score 9.6 · EPSS 0.29196
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2021/01/30 4:59 a.m. · 32 views

CVE-2020-15568

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with, for example, OS commands in the opt parameter...

AI score 9.7 · EPSS 0.29196
Exploits 1 · References 2

OSV
added 2021/01/28 7:15 p.m. · 1 views

UBUNTU-CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

CVSS 7.2 · AI score 7.2 · EPSS 0.01572
Exploits 0 · References 3

CVE
added 2021/01/28 6:30 p.m. · 68 views

CVE-2021-20187

CVE-2021-20187 affects Moodle prior to versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16. The issue allows site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. The connected documents confirm the vulnerable condition and the root cause, but do not p...

CVSS 7.2 · AI score 7 · EPSS 0.01572
Exploits 0 · References 1 · Affected Software 1

Gitee
added 2021/01/24 6:59 p.m. · 6 views

Exploit for Path Traversal in Intelbras Tip200_Firmware

PoC exploit for CVE-2020-13886, a Local File Include (LFI) vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the /cgi-bin/cgiServer.exx?page= parameter, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...

CVSS 5.3 · AI score 6.6 · EPSS 0.04344
Exploits 2

Positive Technologies
added 2021/01/13 12:0 a.m. · 5 views

PT-2021-2238 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.10.1; Moodle versions prior to 3.9.4; Moodle versions prior to 3.8.7; Moodle versions prior to 3.5.16. Description: The issue is related to the implementation of Shibboleth authentication technology in Moodle, which is...

CVSS 9.8 · AI score 7 · EPSS 0.52299
Exploits 25 · References 104

OSV
added 2021/01/11 10:15 a.m. · 0 views

UBUNTU-CVE-2020-17508

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected...

CVSS 7.5 · AI score 7.1 · EPSS 0.0202
Exploits 0 · References 4

CNVD
added 2020/12/24 12:0 a.m. · 2 views

TerraMaster TOS Remote Code Execution Vulnerability

TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A remote code execution vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. An attacker can exploit this vulnerability to execute commands without authentication via shell...

CVSS 10 · AI score 8.6 · EPSS 0.78141
Exploits 3 · References 1

CNNVD
added 2020/12/23 12:0 a.m. · 3 views

TerraMaster TOS Operating System Command Injection Vulnerability

TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A remote code execution vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. An attacker can exploit this vulnerability to execute commands without authentication via shell...

CVSS 10 · AI score 7.9 · EPSS 0.78141
Exploits 3 · References 4

IBM Security Bulletins
added 2020/12/15 8:13 p.m. · 74 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)

Summary: There is a security advisory for OpenSSL 1.0.2p, which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1. Vulnerability Details: CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...

CVSS 7.5 · AI score 0.6 · EPSS 0.53336
Exploits 6 · Affected Software 1