Lucene search

8850 matches found

Prion
added 2023/02/03 6:15 p.m. · 19 views

Unrestricted file upload

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inclib/general.inc.php...

6.5 CVSS · 8.8 AI score · 0.01058 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Openbugbounty
added 2023/02/03 3:59 p.m. · 18 views

recherche-collection-search.bac-lac.gc.ca Cross Site Scripting vulnerability OBB-3178473

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Positive Technologies
added 2023/02/03 12:0 a.m. · 8 views

PT-2023-12269 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.25 Description: The issue allows remote attackers to run arbitrary code via a crafted file upload to the "include/inc lib/general.inc.php" endpoint. Recommendations: For phpwcms version 1.9.25, update to a newer version th...

8.8 CVSS · 8.7 AI score · 0.01058 EPSS
Exploits: 1 · References: 4
Snyk
added 2023/02/02 1:23 p.m. · 4 views

Arbitrary File Read

Overview: swig-templates is a simple, powerful, and extendable templating engine for node.js and browsers, similar to Django, Jinja2, and Twig. Affected versions of this package are vulnerable to Arbitrary File Read via the renderFile method. PoC 1.html html % extends '../../../../../etc/passwd...

7.5 CVSS · 7 AI score · 0.01042 EPSS
Exploits: 1 · References: 2
RedHat Linux
added 2023/01/31 1:18 p.m. · 6 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits: 5 · References: 5
RedHat Linux
added 2023/01/31 1:15 p.m. · 5 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits: 5 · References: 5
RedHat Linux
added 2023/01/31 1:12 p.m. · 2 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits: 5 · References: 5
RedHat Linux
added 2023/01/30 5:12 p.m. · 3 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits: 5 · References: 5
RedHat Linux
added 2023/01/26 9:55 p.m. · 5 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits: 5 · References: 5
CNNVD
added 2023/01/26 12:0 a.m. · 5 views

bloofoxCMS security vulnerability

bloofoxCMS is a PHP-based text content management system by the individual developer of bloofoxCMS. A security vulnerability exists in bloofoxCMS version v0.5.2.1, which originates from the discovery of an include arbitrary file deletion vulnerability via the component /include/inccontentmedia.ph...

6.5 CVSS · 6.6 AI score · 0.01037 EPSS
Exploits: 1 · References: 2
OSV
added 2023/01/20 8:3 p.m. · 15 views

CVE-2023-23607 Unrestricted file upload leads to Remote Code Execution in erohtar/Dasherr

erohtar/Dasherr is a dashboard for self-hosted services. In affected versions, unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to be uploaded to anywhere. If an attacker uploads a php file they ca...

9.8 CVSS · 9.5 AI score · 0.01612 EPSS
Exploits: 1 · References: 5
RedHat Linux
added 2023/01/12 8:50 p.m. · 5 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits: 5 · References: 5
CNNVD
added 2023/01/05 12:0 a.m. · 5 views

eXtplorer path traversal vulnerability

eXtplorer is a PHP-based file manager. A path traversal vulnerability exists in versions prior to eXtplorer 2.1.13, which stems from a problem in the unknown section of the include/archive.php file in the component Archive Handler that can lead to path traversal...

9.8 CVSS · 6.3 AI score · 0.01015 EPSS
Exploits: 0 · References: 5
OSV
added 2022/12/22 6:15 p.m. · 2 views

CVE-2022-46101

AyaCMS v3.1.2 was found to have a code flaw in the ustsql.inc.php file, which allows attackers to cause command execution by inserting malicious code...

8.8 CVSS · 5.9 AI score · 0.01069 EPSS
Exploits: 1 · References: 1
OSV
added 2022/12/20 2:15 p.m. · 3 views

CVE-2022-45942

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4...

8.8 CVSS · 5.8 AI score · 0.21987 EPSS
Exploits: 1 · References: 2
CNNVD
added 2022/12/20 12:0 a.m. · 5 views

baijiacms OS command injection vulnerability

baijiacms is a content management system (CMS) for e-commerce. A security vulnerability exists in the baijiacms version, which stems from a Remote Code Execution (RCE) vulnerability in includes/baijiacms/common.inc.php. No details of the vulnerability are available at this time...

8.8 CVSS · 7.3 AI score · 0.21987 EPSS
Exploits: 1 · References: 3
OSV
added 2022/12/13 6:30 p.m. · 4 views

GHSA-X3X3-QWJQ-8GJ4 Apache CXF Server-Side Request Forgery vulnerability

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.6 AI score · 0.0193 EPSS
Exploits: 5 · References: 2
Positive Technologies
added 2022/12/13 12:0 a.m. · 6 views

PT-2022-27840

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 3.5.5; Apache CXF versions prior to 3.4.10. Description: A Server-Side Request Forgery (SSRF) issue exists in the parsing of the href attribute of XOP:Include in MTOM requests. This allows an attacker to perform SSRF...

9.8 CVSS · 6.6 AI score · 0.0193 EPSS
Exploits: 5 · References: 6
RedHat Linux
added 2022/11/08 9:50 a.m. · 5 views

libxml2: Incorrect server side include parsing can lead to XSS

A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...

6.1 CVSS · 7.1 AI score · 0.00749 EPSS
Exploits: 1 · References: 4
OSV
added 2022/11/08 6:26 a.m. · 29 views

RLSA-2022:7715 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

6.1 CVSS · 7 AI score · 0.00749 EPSS
Exploits: 1 · References: 2