CVE-2019-16951

Enghouse Web Chat 6.2.284.34 is affected by a remote file include (RFI) vulnerability (CVE-2019-16951). The issue allows an attacker to substitute the localhost attribute with an attacker-controlled domain; after a POST, the product calls that domain and may return data that reveals sensitive inf...

CVE-2019-16951

A remote file include RFI issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amou...

visagehall.ru Cross Site Scripting vulnerability

Security Researcher g0bl1nsec Helped patch 3650 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting visagehall.ru website and its users. Following coordinate...

CVE-2005-3056

TWiki is affected by CVE-2005-3056 due to an arbitrary shell command execution flaw in the Include function. The vulnerability enables an attacker to execute commands on the server when TWiki processes Include, with network access, no authentication, and no user interaction required in the CVSS a...

CVE-2019-18385

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring...

Directory Traversal

librenms/librenms is vulnerable to directory traversal. The usage of mysqlrealescapestring to sanitize untrusted user supplied data that is subsequently passed to the include function as a file path in csv.php, is insecure. An attacker could potentially include arbitrary files on the server using...

Remote code execution

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

Exploit for Cross-site Scripting in Atlassian Html_Include_And_Replace_Macro

CVE-2019-15053 FAB-2019-00156 Vulnerability discoverd by me...

CVE-2019-15053

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

Design/Logic Flaw

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

CVE-2019-15053

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

CVE-2019-15053

The CVE-2019-15053 issue affects the HTML Include and replace macro plugin for Confluence Server (pre-1.5.0). A bypass of the includeScripts=false XSS protection via an IFRAME vector is documented, enabling cross-site scripting. Connected sources show a public exploit draft and vendor advisories ...

TeamPass <= 2.1.27.36 Multiple XSS Vulnerabilities

TeamPass is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2018-20949

cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor SEC-385...

CVE-2016-10828

cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path SEC-97...

CVE-2018-20949

cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor SEC-385...

CVE-2016-10837

cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path SEC-46...

CVE-2019-13396

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an includeonce in systemhandleformsubmit in modules/system/system.module...

[SECURITY] [DLA 1823-1] linux security update

Package : linux Version : 3.16.68-2 CVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11810 CVE-2019-11833 CVE-2019-11884 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...