Khan Academy: https://mathfacts.khanacademy.org/ includes code from unprivileged localhost port

The webpage https://mathfacts.khanacademy.org/ contains an invalid javascript include at the bottom of the page: This is probably some unintended leftover from the development. In normal situations this will only cause the browser to be unable to connect. But it can actually become a security ris...

PT-2018-18894 · Axis +1 · Axis M1033-W +1

Name of the Vulnerable Software and Affected Versions: AXIS M1033-W IP camera Firmware version 5.40.5.1 Description: An issue was discovered where the upload web page does not verify the file type, allowing an attacker to upload a webshell by making a fileUpload.shtml request for a custom .shtml...

Intelbras Telefone IP TIP200 LITE Local File Disclosure

Exploit Title: INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include Google Dork: Date: 16/03/2018 Exploit Author: Matheus Goncalves - anhax0r Vendor Homepage: https://www.facebook.com/anhaxteam/ Software Link: Version: 60.0.75.29 REQUIRED Tested on: Debian CVE : if applicable Remember that yo...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

CVE-2018-8712

Webmin 1.840/1.880 expose a Local File Inclusion flaw due to weak default config: enabling "Can view any file as a log file" lets non-privileged users read sensitive local files (e.g., /etc/shadow) via GET /syslog/save_log.cgi?view=1&file=/etc/shadow. Root cause: default settings grant access to ...

Solaris 10 (x86) : 139501-02

SunOS 5.10x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-2018-6910

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/incarchivesfunctions.php...

Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-02843)

Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'op' parameter to the include\spacecp\spacecpupload.php file to inject arbitrary web script or HTML...

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...

Design/Logic Flaw

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpspace.php appid parameter in a delete action...

UBUNTU-CVE-2017-17712

The rawsendmsg function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet-hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...

WordPress WP Mobile Detector 3.5 Shell Upload Exploit

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a...

SQL Injection Vulnerability in taoCMS Documentation Frontend

TaoCMS is the smallest around 100Kb fully functional CMS management system in China based on php+sqlite/mysql. taoCMS has a SQL injection vulnerability in the include/Model/Index.php file, which allows attackers to exploit the vulnerability to obtain sensitive database information...

UBUNTU-CVE-2017-15194

include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...

Directory traversal

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be...

Tulpar - Web Vulnerability Scanner

Tulpar is a open source web vulnerability scanner for written to make web penetration testing automated. Features Sql Injection GET Method XSS GET Method Crawl E-mail Disclosure Credit Card Disclosure Whois Command Injection GET Method Directory Traversal GET Method File Include GET Method Server...

Wireless Repeater BE126 - Local File Inclusion

Exploit Title: WIFI Repeater BE126 – Local File Inclusion Date Publish: 23/08/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Tested on: Windows/Ubuntu 16.04 CVE: CVE-2017-8770 1 -...