8851 matches found

CVE
added 2019/11/01 12:40 p.m. · 82 views

CVE-2005-3056

TWiki is affected by CVE-2005-3056 due to an arbitrary shell command execution flaw in the Include function. The vulnerability enables an attacker to execute commands on the server when TWiki processes Include, with network access, no authentication, and no user interaction required in the CVSS a...

CVSS 9.8 · AI score 7.2 · EPSS 0.03482
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2019/10/23 9:15 p.m. · 5 views

CVE-2019-18385

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring...

CVSS 7.5 · AI score 7.2 · EPSS 0.01888
Exploits: 1 · References: 1

Veracode
added 2019/09/10 8:22 a.m. · 17 views

Directory Traversal

librenms/librenms is vulnerable to directory traversal. The usage of mysql_real_escape_string to sanitize untrusted user-supplied data that is subsequently passed to the include function as a file path in csv.php is insecure. An attacker could potentially include arbitrary files on the server using...

CVSS 8.1 · AI score 5.7 · EPSS 0.01224
Exploits: 1 · References: 3 · Affected Software: 1

Prion
added 2019/09/09 1:15 p.m. · 16 views

Remote code execution

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

CVSS 7.5 · AI score 9.9 · EPSS 0.04783
Exploits: 1 · References: 2 · Affected Software: 1

GithubExploit
added 2019/08/14 6:35 p.m. · 77 views

Exploit for Cross-site Scripting in Atlassian Html_Include_And_Replace_Macro

CVE-2019-15053 FAB-2019-00156 Vulnerability discovered by me...

CVSS 6.8 · AI score 6.3 · EPSS 0.0132
Exploits: 2

OSV
added 2019/08/14 5:15 p.m. · 6 views

CVE-2019-15053

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

CVSS 6.8 · AI score 6.7 · EPSS 0.0132
Exploits: 2 · References: 2

Prion
added 2019/08/14 5:15 p.m. · 18 views

Design/Logic Flaw

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

CVSS 6 · AI score 6.4 · EPSS 0.0132
Exploits: 2 · References: 2 · Affected Software: 1

Cvelist
added 2019/08/14 4:5 p.m. · 27 views

CVE-2019-15053

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

AI score 6.4 · EPSS 0.0132
Exploits: 2 · References: 2

CVE
added 2019/08/14 4:5 p.m. · 59 views

CVE-2019-15053

The CVE-2019-15053 issue affects the HTML Include and replace macro plugin for Confluence Server (pre-1.5.0). A bypass of the includeScripts=false XSS protection via an IFRAME vector is documented, enabling cross-site scripting. Connected sources show a public exploit draft and vendor advisories ...

CVSS 6.8 · AI score 6.3 · EPSS 0.0132
Exploits: 2 · References: 2 · Affected Software: 1

OpenVAS
added 2019/08/09 12:0 a.m. · 87 views

TeamPass <= 2.1.27.36 Multiple XSS Vulnerabilities

TeamPass is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.8 · AI score 6.2 · EPSS 0.0722
Exploits: 9 · References: 9

OSV
added 2019/08/01 5:15 p.m. · 1 views

CVE-2018-20949

cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor SEC-385...

CVSS 6.1 · AI score 5.8 · EPSS 0.00647
Exploits: 0 · References: 2

OSV
added 2019/08/01 5:15 p.m. · 3 views

CVE-2016-10828

cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path SEC-97...

CVSS 8.8 · AI score 6.2 · EPSS 0.02618
Exploits: 0 · References: 1

Cvelist
added 2019/08/01 4:17 p.m. · 24 views

CVE-2018-20949

cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor SEC-385...

AI score 6 · EPSS 0.00647
Exploits: 0 · References: 1

OSV
added 2019/08/01 4:15 p.m. · 4 views

CVE-2016-10837

cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path SEC-46...

CVSS 7.5 · AI score 6.2 · EPSS 0.01521
Exploits: 0 · References: 1

OSV
added 2019/07/10 2:15 p.m. · 2 views

CVE-2019-13396

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in systemhandleformsubmit in modules/system/system.module...

CVSS 5.3 · AI score 6.1 · EPSS 0.62572
Exploits: 5 · References: 2

Debian
added 2019/06/17 11:42 p.m. · 201 views

[SECURITY] [DLA 1823-1] linux security update

Package: linux
Version: 3.16.68-2
CVE ID: CVE-2019-3846 CVE-2019-5489 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11810 CVE-2019-11833 CVE-2019-11884

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...

CVSS 9.8 · AI score 7.2 · EPSS 0.98745
Exploits: 6

RedHat Linux
added 2019/06/10 4:39 p.m. · 4 views

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9 · AI score 5.6 · EPSS 0.00927
Exploits: 0 · References: 4

BDU FSTEC
added 2019/04/25 12:0 a.m. · 5 views

The vulnerability of the CUPS printing server, related to authentication errors, allows a perpetrator to gain access to confidential data.

The vulnerability of the CUPS printing server is related to the improper handling of certain include directives. This allows unprivileged users to gain access to and read arbitrary files from the superuser’s perspective. Exploiting this vulnerability enables a perpetrator to gain access to...

CVSS 5.5 · AI score 6.6 · EPSS 0.00452
Exploits: 0 · References: 6 · Affected Software: 2

Positive Technologies
added 2019/04/12 12:0 a.m. · 10 views

PT-2019-4683 · Apache +3 · Apache Tomcat +3

Name of the Vulnerable Software and Affected Versions:
Apache Tomcat versions 7.0.0 through 7.0.93
Apache Tomcat versions 8.5.0 through 8.5.39
Apache Tomcat versions 9.0.0.M1 through 9.0.0.17

Description: The issue is related to the SSI printenv command in Apache Tomcat, which echoes user-provide...

CVSS 9.8 · AI score 6.3 · EPSS 0.99999
Exploits: 119 · References: 266

OSV
added 2019/04/11 9:29 p.m. · 5 views

CVE-2018-20487

An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...

CVSS 8.8 · AI score 5.8 · EPSS 0.01906
Exploits: 1 · References: 2