Lucene search

723 matches found

CNNVD
added 2021/12/13 12:00 a.m., 2 views

PHPGURUKUL Employee Record Management System path traversal vulnerability

Employee Record Management System is an employee record management system. It has a directory traversal vulnerability in the admin/includes/ file, which can be exploited by an attacker to retrieve and download...

CVSS 7.8, AI score 5.6, EPSS 0.02226
Exploits: 1, References: 2
NVD
added 2021/12/03 1:15 p.m., 12 views

CVE-2021-44278

Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php...

CVSS 9.8, EPSS 0.01435
Exploits: 2, References: 1
Cvelist
added 2021/12/03 12:39 p.m., 11 views

CVE-2021-44278

Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php...

AI score 9.7, EPSS 0.01435
Exploits: 2, References: 1
CVE
added 2021/12/03 12:39 p.m., 62 views

CVE-2021-44278

Librenms 21.11.0 is affected by a path traversal vulnerability in includes/html/pages/device/showconfig.inc.php, enabling manipulation of the requested path to access files outside the intended directory. Multiple connected advisories (GHSA-7289-CHWJ-7H86, OSV:GHSA-7289-CHWJ-7H86, CNVD/CNNVD, Ver...

CVSS 9.8, AI score 9.3, EPSS 0.01435
Exploits: 2, References: 1, Affected Software: 1
WPVulnDB
added 2021/12/01 12:00 a.m., 18 views

OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal

The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin. PoC: As admin, put the following payload in the "Fonts Cache Directory" setting of the plugin: ../wp-includes, tick the...

CVSS 4.9, AI score 4.2, EPSS 0.01021
Exploits: 2, Affected Software: 1
Openbugbounty
added 2021/11/25 3:13 a.m., 17 views

secure.action.news Cross Site Scripting vulnerability OBB-2282566

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0
Openbugbounty
added 2021/11/05 8:50 p.m., 11 views

americadourada.ba.gov.br Cross Site Scripting vulnerability OBB-2239270

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0
OSV
added 2021/10/26 11:15 a.m., 5 views

CVE-2021-40344

An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...

CVSS 7.2, AI score 7.2, EPSS 0.66191
Exploits: 1, References: 3
Prion
added 2021/10/26 11:15 a.m., 25 views

SQL injection

An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...

CVSS 6.5, AI score 7.2, EPSS 0.66191
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2021/10/26 10:52 a.m., 32 views

CVE-2021-40344

An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...

AI score 7.5, EPSS 0.66191
Exploits: 1, References: 3
CNNVD
added 2021/10/26 12:00 a.m., 2 views

Nagios XI code issue vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 5.8.5, which stems from the software's lack of...

CVSS 7.2, AI score 7.3, EPSS 0.66191
Exploits: 1, References: 4
Openbugbounty
added 2021/10/14 1:02 p.m., 16 views

weddingsonline.ie Cross Site Scripting vulnerability OBB-2166106

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
Oracle Linux
added 2021/09/23 12:00 a.m., 100 views

mysql:8.0 security, bug fix, and enhancement update

mysql: 8.0.26-1 - Update to MySQL 8.0.26; 8.0.25-1 - Update to MySQL 8.0.25; 8.0.24-1 - Update to MySQL 8.0.24 - Upstreamed patch: mysql-main-cast.patch; 8.0.23-1 - Update to MySQL 8.0.23 - Created mysql-fix-includes-robin-hood.patch - Created mysql-main-cast.patch; 8.0.22-1 - Update to MySQL 8.0.22 -...

CVSS 8, AI score 1.1, EPSS 0.41478
Exploits: 3
OSV
added 2021/09/10 2:15 p.m., 1 view

CVE-2021-38340

The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the updaterow parameter found in the /includes/addproduct.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

CVSS 6.1, AI score 5.8, EPSS 0.00866
Exploits: 1, References: 2
OSV
added 2021/09/02 5:11 p.m., 14 views

GHSA-7VPH-P634-VRQF Command Injection in RaspAP 2.6.6

includes/configureclient.php in RaspAP 2.6.6 allows attackers to execute commands via command injection...

CVSS 8.8, AI score 9.1, EPSS 0.13039
Exploits: 1, References: 4
Positive Technologies
added 2021/08/24 12:00 a.m., 5 views

PT-2021-22208 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP version 2.6.6. Description: The issue allows attackers to execute commands via command injection in the includes/configureclient.php file. This can lead to unauthorized access and control of the system. Recommendations: For RaspAP...

CVSS 8.8, AI score 9.1, EPSS 0.13039
Exploits: 1, References: 7
CNNVD
added 2021/08/16 12:00 a.m., 6 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress...

CVSS 6.1, AI score 6.4, EPSS 0.00895
Exploits: 1, References: 4
Check Point Advisories
added 2021/06/30 12:00 a.m., 4 views

Nagios XI Manage.php Directory Traversal (CVE-2021-3277)

A directory traversal vulnerability exists in Nagios XI. The vulnerability is due to insufficient validation of the request parameters in manage.php of the Custom-includes module...

CVSS 6.5, AI score 3.7, EPSS 0.54579
Exploits: 0
OSV
added 2021/06/07 10:15 p.m., 6 views

CVE-2021-3277

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files...

CVSS 7.2, AI score 7.7, EPSS 0.54579
Exploits: 0, References: 1
Cvelist
added 2021/06/07 9:05 p.m., 19 views

CVE-2021-3277

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files...

AI score 7.7, EPSS 0.54579
Exploits: 0, References: 1