shudong-share code issue vulnerability
shudong-share is a free and open source PHP extranet system by AaronLiu. A code issue exists in version 2.4.7 of shudong-share, which stems from an unrestricted file upload in the file parameter of the /includes/fileReceive.php file of the File Extension Handler component...
Edge Side Includes Injection
Edge Side Includes (ESI) is a markup language used for dynamic web content assembly. It allows web developers to cache parts of web pages at the edge servers, reducing server load and improving page load times. However, when ESI is improperly implemented, it can be vulnerable to ESI Injection...
squid: Out-of-bounds write error may lead to Denial of Service
A flaw was found in Squid. An out-of-bounds write can be triggered when an Edge Side Includes (ESI) variable is assigned to a value not in the standard ASCII range, for example, multi-byte characters. This flaw allows a trusted server to crash Squid while processing an ESI response content, resulti...
owlwisemarketing.com.xx3.kz Cross Site Scripting vulnerability OBB-3947284
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
DEBIAN-CVE-2024-37894
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...
Squid security vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in Squid that stems from an out-of-bounds write error when allocating ESI variables,...
GHSA-8H4M-R4WM-XJ7R TYPO3 Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...
Exposure Of Sensitive Information To An Unauthorized Actor
moodle/moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a misconfigured shared hosting environment that allows access to other users' content. This allows an attacker to execute arbitrary local file includes by restoring wiki modules...
CGA-2F62-C37V-36CH
Bulletin has no description...
TYPO3 Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...
GHSA-F9HR-7CFQ-MJG2 TYPO3 Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...
CVE-2024-3787
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks /admin/DeviceS3. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3788
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License /admin/CDPUsers. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-34507
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...
CVE-2024-3786
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations /admin/DeviceReplication. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3785
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section /admin/DeviceNAS. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...