SRC-2020-0022 : Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DataFormWebPart class. The issue results from the lack of prope...

CURL-CVE-2020-8177 curl overwrite local file with -J

curl can be tricked by a malicious server to overwrite a local file when using -J --remote-header-name and -i --include in the same command line. The command line tool offers the -J option that saves a remote file using the filename present in the Content-Disposition: response header. curl then...

PT-2020-3018 · Curl +7 · Curl +7

Name of the Vulnerable Software and Affected Versions: curl versions 7.20.0 through 7.70.0 Description: The issue exists due to a logical error in handling the Content-Disposition header of an HTTP response. This can allow a remote attacker to overwrite a local file. The vulnerability is related ...

CVE-2020-12827

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...

Path traversal

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...

CVE-2020-12827

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...

PT-2020-13277

Name of the Vulnerable Software and Affected Versions MJML versions prior to 4.6.3 Description The issue is related to a path traversal vulnerability when processing the mj-include directive within an MJML document. Recommendations For versions prior to 4.6.3, update to version 4.6.3 or later to...

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the vulnerable configuration is present. The exploit targets PHP 7+ and works by appending a specially...

Lexiglot Path Traversal Vulnerability

Lexiglot is a translation platform written in PHP by the French software developer Damien Sorel. A path traversal vulnerability exists in Lexiglot 2014-11-20 and earlier versions, which can be exploited by remote attackers to obtain sensitive information full path with the help of...

CVE-2020-13252

Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabasestatuspath via a main.get.php request and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page...

Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2020-31757)

Enhancesoft osTicket is a U.S. Enhancesoft's open source ticketing system. A cross-site scripting vulnerability exists in the include/class.sla.php file in Enhancesoft osTicket versions prior to 1.14.2. The vulnerability stems from a lack of proper validation of client data in the WEB application...

CVE-2020-12479

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

CVE-2020-12479

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

Directory traversal

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

CVE-2020-12479

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

CVE-2020-12479

VULNERABILITY SUMMARY: TeamPass 2.1.27.36 is affected by a PHP file include (directory traversal) vulnerability triggered through crafted HTTP requests to sources/users.queries.php with the newValue parameter. The issue allows any authenticated TeamPass user to cause inclusion of arbitrary files,...

gyges.org Open Redirect vulnerability

Open Bug Bounty ID: OBB-1145820 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting gyges.org website and its users. Following coordinat...

ALPINE-CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elemen...

holz-becker.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1142773 Security Researcher Hchabik Helped patch 2358 vulnerabilities Received 5 Coordinated Disclosure badges Received 2 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting holz-becker.com website and...

Privilege Escalation

The Apache HTTP Server is vulnerable to Privilege Escalation. A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a...