723 matches found
CVE-2024-3788 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through License /admin/CDPUsers. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3787 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through S3 disks /admin/DeviceS3. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3786 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through Device Synchronizations /admin/DeviceReplication. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3786
WBSAirback 21.02.04 is affected by an SSI (Server-Side Includes) handling flaw exposed via the Device Synchronizations API at /admin/DeviceReplication. The root cause is improper neutralization, enabling a remote attacker to execute arbitrary code. Several sources corroborate this CVE-2024-3786 v...
CVE-2024-3785
WBSAirback 21.02.04 is affected by a vulnerability described as improper neutralisation of Server-Side Includes (SSI) via the Device NAS shared section (/admin/DeviceNAS). The root cause is SSI handling in the Device NAS path, which could allow a remote attacker to execute arbitrary code. Affecte...
CVE-2024-3784 Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through S3 Accounts /admin/CloudAccounts. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
CVE-2024-3784
CVE-2024-3784 affects WBSAirback 21.02.04. The vulnerability is due to improper neutralisation of Server-Side Includes (SSI) through the S3 Accounts API at /admin/CloudAccounts, which could allow a remote attacker to execute arbitrary code. Public documents describe the issue and impact but do no...
PT-2024-27784 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes SSI through the Device NAS shared section, accessible via the /admin/DeviceNAS endpoint. This could allow a remote user to execute...
PT-2024-27790 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes SSI through Device Synchronizations at the "/admin/DeviceReplication" API endpoint. This could allow a remote user to execute arbitrar...
PT-2024-27798 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes SSI through S3 disks, specifically at the /admin/DeviceS3 endpoint. This could allow a remote user to execute arbitrary code,...
PT-2024-27775 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes SSI through S3 Accounts, accessible via the "/admin/CloudAccounts" API endpoint. This could allow a remote user to execute arbitrary...
PT-2024-9989 · WordPress · Vibebp
Name of the Vulnerable Software and Affected Versions: VibeBP versions 1.9.9.4.1 and earlier Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation. This vulnerability is associated with the vibebp register user function in the...
RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php`
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...
CVE-2024-2497
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...
BIT-WORDPRESS-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...
PT-2023-10833 · Unknown · Mdalamin-Aol Own Health Record
Name of the Vulnerable Software and Affected Versions: MdAlAmin-aol Own Health Record versions 0.1-alpha through 0.3.1-alpha Description: This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated...
WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE
Description: The plugin accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allow high-privilege users such as an administrator to upload an executable file type leading to remote code...
The vulnerability of the Custom Includes module in the Nagios XI monitoring tool allows a hacker to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the Custom Includes module in Nagios XI is related to the unrestricted upload of files of a dangerous type. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain unauthorized access to protected information...