
8851 matches found

Openbugbounty
added 2020/04/01 2:4 p.m., 8 views

tweaksguide.com Cross Site Scripting vulnerability

Security Researcher geeknik, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting tweaksguide.com website and its users. Following coordinat...

AI score 0.2
Exploits 0

BDU FSTEC
added 2020/03/25 12:0 a.m., 4 views

The vulnerability of the ColdFusion software platform, related to the names of PHP functions like include or require, allows a hacker to execute arbitrary PHP code on the target system.

The vulnerability of the ColdFusion software platform relates to the names of PHP functions include or require. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code on the target system by sending a specially crafted HTTP request...

CVSS 10, AI score 8.2, EPSS 0.06972
Exploits 0, References 5

exploitpack
added 2020/03/23 12:0 a.m., 149 views

FIBARO System Home Center 5.021 - Remote File Include

FIBARO System Home Center 5.021 - Remote File Include Exploit Title: FIBARO System Home Center 5.021 - Remote File Include Date: 2020-03-22 Author: LiquidWorm Vendor: https://www.fibaro.com CVE: N/A Vendor: FIBAR GROUP S.A. Product web page: https://www.fibaro.com Affected version: Home Center 3,...

AI score 0.2
Exploits 0

0day.today
added 2020/03/23 12:0 a.m., 279 views

FIBARO System Home Center 5.021 - Remote File Include Vulnerability

Exploit for multiple platform in category web applications Exploit Title: FIBARO System Home Center 5.021 - Remote File Include Author: LiquidWorm Vendor: https://www.fibaro.com CVE: N/A Vendor: FIBAR GROUP S.A. Product web page: https://www.fibaro.com Affected version: Home Center 3, Home Center...

AI score 7.1
Exploits 0

RedHat Linux
added 2020/03/17 1:13 p.m., 4 views

tomcat: XSS in SSI printenv

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVSS 6.1, AI score 7.1, EPSS 0.45571
Exploits 3, References 4

CNVD
added 2020/03/13 12:0 a.m., 2 views

Chadha PHPKB CSV Injection Vulnerability

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A CSV injection vulnerability exists in admin/include/operations.php in Chadha PHPKB Standard Multi-Language 9. An attacker can...

CVSS 4.9, AI score 7.4, EPSS 0.01078
Exploits 1, References 1

Packet Storm
added 2020/03/12 12:0 a.m., 155 views

Horde Groupware Webmail Edition 5.2.22 PHAR Loading

exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode = sys.argv5 source =...

AI score 0.2, EPSS 0.09579
Exploits 4

Prion
added 2020/03/05 8:15 p.m., 20 views

Sql injection

An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter...

CVSS 7.5, AI score 9.8, EPSS 0.0175
Exploits 0, References 6, Affected Software 1

GithubExploit
added 2020/02/21 7:48 a.m., 6 views

Exploit for CVE-2020-1938

CVE-2020-1938 Tomcat-fileinclude and filered Exploita...

CVSS 9.8, AI score 7, EPSS 0.9927
Exploits 44

GithubExploit
added 2020/02/21 4:34 a.m., 8 views

Exploit for CVE-2020-1938

CVE-2020-1938 Suricata detection rules suricata CNVD-2020-10487...

CVSS 9.8, AI score 6.9, EPSS 0.9927
Exploits 44

NVD
added 2020/02/11 6:15 p.m., 25 views

CVE-2013-2057

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability...

CVSS 9.8, AI score 9.5, EPSS 0.02137
Exploits 0, References 3

Prion
added 2020/02/11 6:15 p.m., 15 views

Security feature bypass

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability...

CVSS 7.5, AI score 7.1, EPSS 0.02137
Exploits 0, References 3, Affected Software 1

Cvelist
added 2020/02/11 5:41 p.m., 29 views

CVE-2013-2057

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability...

AI score 9.5, EPSS 0.02137
Exploits 0, References 3

CVE
added 2020/02/11 5:41 p.m., 54 views

CVE-2013-2057

YaBB through 2.5.2 is affected by a Local File Include vulnerability caused by the 'guestlanguage' cookie parameter, enabling inclusion of local files due to improper handling of the cookie value. Affected product/component: YaBB (web forum) up to version 2.5.2. Root cause: unsanitized cookie par...

CVSS 9.8, AI score 9.3, EPSS 0.02137
Exploits 0, References 3, Affected Software 1

NVD
added 2020/02/04 3:15 p.m., 26 views

CVE-2013-2678

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...

CVSS 8.1, AI score 8.2, EPSS 0.16873
Exploits 5, References 4

Cvelist
added 2020/02/04 2:15 p.m., 23 views

CVE-2013-2678

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...

AI score 8.2, EPSS 0.16873
Exploits 5, References 4

CVE
added 2020/02/04 2:15 p.m., 166 views

CVE-2013-2678

CVE-2013-2678 affects Cisco Linksys E4200 devices running firmware 1.0.05 Build 7. The Local File Include vulnerability in the apply.cgi script (submit_type parameter) could allow remote attackers to obtain sensitive information or execute arbitrary code. Public references describe XSS/LFI vector...

CVSS 8.1, AI score 8.1, EPSS 0.16873
In wild, Exploits 5, References 4, Affected Software 1

NVD
added 2020/01/28 9:15 p.m., 23 views

CVE-2013-3212

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...

CVSS 8.1, AI score 8.2, EPSS 0.07543
Exploits 5, References 3

Prion
added 2020/01/28 9:15 p.m., 35 views

Code injection

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...

CVSS 6.8, AI score 7.3, EPSS 0.07543
Exploits 5, References 3, Affected Software 1

Cvelist
added 2020/01/28 8:23 p.m., 18 views

CVE-2013-3212

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...

AI score 8.2, EPSS 0.07543
Exploits 5, References 3