8834 matches found

NVD
added 2020/01/28 9:15 p.m. | 23 views

CVE-2013-3212

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...

CVSS 8.1 | AI score 8.2 | EPSS 0.07543
Exploits: 5 | References: 3

Prion
added 2020/01/28 9:15 p.m. | 33 views

Code injection

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...

CVSS 6.8 | AI score 7.3 | EPSS 0.07543
Exploits: 5 | References: 3 | Affected Software: 1

Cvelist
added 2020/01/28 8:23 p.m. | 18 views

CVE-2013-3212

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...

AI score 8.2 | EPSS 0.07543
Exploits: 5 | References: 3

CVE
added 2020/01/28 8:23 p.m. | 85 views

CVE-2013-3212

CVE-2013-3212 affects vtiger CRM <= 5.4.0. Affected component: SOAP-based customerportal.php with two Local File Inclusion vulnerabilities in get_list_values and get_project_components. Root cause: input in the module parameter is not properly validated, leading to require_once of untrusted lo...

CVSS 8.1 | AI score 8.5 | EPSS 0.07543
Exploits: 5 | References: 3 | Affected Software: 1

OpenVAS
added 2020/01/23 12:00 a.m. | 43 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1671)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.3 | EPSS 0.00708
Exploits: 1 | References: 2

NVD
added 2020/01/22 7:15 p.m. | 17 views

CVE-2012-4919

Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability...

CVSS 9.8 | AI score 9.6 | EPSS 0.0286
Exploits: 1 | References: 2

Cvelist
added 2020/01/22 6:03 p.m. | 22 views

CVE-2012-4919

Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability...

AI score 9.6 | EPSS 0.0286
Exploits: 1 | References: 2

CVE
added 2020/01/22 6:03 p.m. | 98 views

CVE-2012-4919

The CVE-2012-4919 entry applies to the WordPress Gallery Plugin (Gallery Plugin for WordPress). The vulnerability is a Remote File Inclusion via the load parameter of the update_order.php script, caused by insufficient input validation. This allows an unauthenticated, remote attacker to include a...

CVSS 9.8 | AI score 9.5 | EPSS 0.0286
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2020/01/15 12:00 a.m. | 41 views

openSUSE Security Update : proftpd (openSUSE-2020-31)

This update for proftpd fixes the following issues: - GeoIP has been discontinued by Maxmind boo1156210 This update removes module build for geoip see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating...

CVSS 9.8 | AI score 6.6 | EPSS 0.57606
Exploits: 2 | References: 13

Imperva Blog
added 2020/01/13 7:51 a.m. | 57 views

Adding Some Salt to Our Network – Part 2

How our configuration management actually works Following a previous post which explained why we needed a configuration management system, this post explores how we built and implemented our configuration management using SaltStack. It describes the structure of our configuration and the toolset ...

AI score 6.8
Exploits: 0

OPENSUSE Linux
added 2020/01/13 12:00 a.m. | 67 views

Security update for proftpd (moderate)

openSUSE Security Update: Security update for proftpd Announcement ID: openSUSE-SU-2020:0031-1 Rating: moderate References: 1113041 1144056 1154600 1155834 1156210 1157798 1157803 Cross-References: CVE-2017-7418 CVE-2019-12815 CVE-2019-18217 CVE-2019-19269 CVE-2019-19270 Affected Products: openSU...

CVSS 9.8 | AI score 6.7 | EPSS 0.57606
Exploits: 2 | References: 7

NVD
added 2020/01/09 10:15 p.m. | 31 views

CVE-2012-2950

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...

CVSS 9.3 | AI score 8.2 | EPSS 0.02395
Exploits: 0 | References: 2

Prion
added 2020/01/09 10:15 p.m. | 26 views

Design/Logic Flaw

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...

CVSS 9.3 | AI score 7.5 | EPSS 0.02395
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/01/09 9:08 p.m. | 27 views

CVE-2012-2950

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...

AI score 8.2 | EPSS 0.02395
Exploits: 0 | References: 2

CVE
added 2020/01/09 9:08 p.m. | 118 views

CVE-2012-2950

CVE-2012-2950 affects Gateway Geomatics MapServer for Windows (MS4W). The vulnerability is a Local File Inclusion in the bundled Apache/PHP configuration that allows remote attackers to view arbitrary files and execute PHP code with SYSTEM privileges. Affected releases are the MS4W packages up to...

CVSS 9.3 | AI score 8.1 | EPSS 0.02395
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/11/27 2:15 p.m. | 21 views

Command injection

A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filin...

CVSS 6.5 | AI score 8.8 | EPSS 0.26624
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2019/11/20 4:15 p.m. | 13 views

CVE-2019-10765

iobroker.admin before 3.6.12 allows an attacker to include file contents from outside the /log/file1/ directory...

CVSS 9.8 | AI score 6.7
Exploits: 0 | References: 2

RedHat Linux
added 2019/11/20 4:08 p.m. | 4 views

tomcat: XSS in SSI printenv

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVSS 6.1 | AI score 7.1 | EPSS 0.45571
Exploits: 3 | References: 4

RedHat Linux
added 2019/11/20 4:04 p.m. | 3 views

tomcat: XSS in SSI printenv

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVSS 6.1 | AI score 7.1 | EPSS 0.45571
Exploits: 3 | References: 4

NVD
added 2019/11/13 7:15 p.m. | 24 views

CVE-2019-16951

A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amou...

CVSS 5.3 | AI score 5.6 | EPSS 0.00952
Exploits: 1 | References: 1