
8834 matches found

CNVD
added 2018/09/28 12:0 a.m., 3 views

Jekyll Arbitrary File Access Vulnerability

Jekyll is a static website generator. A security vulnerability exists in Jekyll version 3.6.2 and earlier, version 3.7.x through 3.7.3, and version 3.8.x through 3.8.3. An attacker can exploit the vulnerability by specifying a symbolic link in the 'include' key of the 'config.yml' file to access...

7.5 CVSS, 7.4 AI score, 0.02167 EPSS
Exploits: 0, References: 1

RubySec
added 2018/09/28 12:0 a.m., 69 views

Jekyll _config.yml privilege escalation

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5 CVSS, 6.9 AI score, 0.02167 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2018/09/24 10:29 p.m., 3 views

CVE-2018-16299

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter...

7.5 CVSS, 5.8 AI score, 0.43722 EPSS
Exploits: 2, References: 4

OSV
added 2018/09/11 1:29 p.m., 1 views

DEBIAN-CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

5.9 CVSS, 5.8 AI score, 0.02664 EPSS
Exploits: 1, References: 1

OSV
added 2018/09/11 1:29 p.m., 27 views

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

5.9 CVSS, 6.5 AI score
Exploits: 0, References: 1

UbuntuCve
added 2018/09/11 1:29 p.m., 18 views

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

7.1 CVSS, 6.6 AI score, 0.02664 EPSS
Exploits: 1, References: 3

OSV
added 2018/09/11 1:29 p.m., 1 views

UBUNTU-CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

5.9 CVSS, 6.6 AI score, 0.02664 EPSS
Exploits: 1, References: 4

Cvelist
added 2018/09/11 1:0 p.m., 28 views

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

7.2 AI score, 0.02664 EPSS
Exploits: 1, References: 1

Debian CVE
added 2018/09/11 1:0 p.m., 24 views

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

7.1 CVSS, 6 AI score, 0.02664 EPSS
Exploits: 1

vulnersOsv
added 2018/09/06 3:22 a.m., 1 views

h-include (=1.0.0), hinclude (>=1.0.1 <=1.1.0) +3 more potentially affected by CVE-2018-3787 via simplehttpserver (>=0.0.6 <=0.1.1)

simplehttpserver NPM version =0.0.6, =1.0.1, =0.0.1, =0.0.2 Source cves: CVE-2018-3787 Source advisory: OSV:GHSA-GPVJ-Q7FP-JCCH...

7.5 CVSS, 7.1 AI score, 0.02038 EPSS
Exploits: 1

OSV
added 2018/09/05 9:29 p.m., 2 views

CVE-2018-15684

An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory /include/logs using predictable file names, which can lead to full path disclosure and leakage of sensitive data...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 1

OSV
added 2018/09/02 6:29 p.m., 1 views

CVE-2018-16343

SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf in include/main.class.php does not block use of $GLOBALS...

7.2 CVSS, 6.1 AI score, 0.02703 EPSS
Exploits: 1, References: 2

NVD
added 2018/09/02 6:29 p.m., 10 views

CVE-2018-16343

SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf in include/main.class.php does not block use of $GLOBALS...

7.2 CVSS, 7.4 AI score, 0.02703 EPSS
Exploits: 1, References: 2

CVE
added 2018/09/02 6:0 p.m., 41 views

CVE-2018-16343

SeaCMS 6.61 contains a remote code execution flaw: the parseIf() function in include/main.class.php fails to block use of $GLOBALS, enabling attackers to run arbitrary code. This has been documented across multiple sources (CNVD-2018-19075 and NVD/NVD-derived entries) and is tied to SeaCMS’s PHP ...

7.2 CVSS, 7.4 AI score, 0.02703 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnerability Lab
added 2018/08/08 12:0 a.m., 604 views

Microsoft Outlook 365 - Arbitrary File Upload Vulnerability

Document Title: Microsoft Outlook 365 - Arbitrary File Upload Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1513
Release Date: 2018-08-08
Vulnerability Laboratory ID (VL-ID): ...

0.4 AI score
Exploits: 0

OPENSUSE Linux
added 2018/08/07 9:8 p.m., 78 views

Security update for cups (moderate)

This update for cups fixes the following issues: The following security vulnerabilities were fixed: - CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that was causing the DBUS library to abort the calling process. bsc1061066 bsc1087018 - Fixed a local...

3.5 CVSS, 1.8 AI score, 0.02255 EPSS
Exploits: 1, References: 7

Prion
added 2018/07/23 2:29 p.m., 16 views

Null pointer dereference

An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cbmodel.h...

7.5 CVSS, 9.3 AI score, 0.01753 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2018/07/11 4:42 p.m., 2 views

USN-3713-1 cups vulnerabilities

It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. CVE-2017-18248 Dan...

8.8 CVSS, 6.8 AI score, 0.02255 EPSS
Exploits: 1, References: 5

NVD
added 2018/06/25 6:29 p.m., 16 views

CVE-2018-11588

Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php...

5.4 CVSS, 5.5 AI score, 0.01112 EPSS
Exploits: 0, References: 4

Kitploit
added 2018/05/20 10:45 p.m., 42 views

Dnsmorph - Domain Name Permutation Engine Written In Go

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...

7.4 AI score
Exploits: 0, References: 4