58 matches found
EUVD-2012-2691
Malware in sbrugna...
EUVD-2020-5727
Malware in sbrugna...
EUVD-2024-53580
Malicious code in bioql PyPI...
EUVD-2023-30742
Malicious code in bioql PyPI...
EUVD-2022-47866
Malicious code in bioql PyPI...
EUVD-2022-42420
Malicious code in bioql PyPI...
BIT-LIBPYTHON-2022-48565
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
CVE-2023-26951
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module...
CVE-2022-39978
Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point...
CVE-2008-0936
SQL injection vulnerability in index.php in the Prayer List prayerlist 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action...
CVE-2024-57409
A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field...
Information Disclosure
typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper access control in the file list module, allowing editors with access to this module to list all file and folder names in the root directory of a TYPO3 installation. Attackers can use this to gather information...
GHSA-8H4M-R4WM-XJ7R TYPO3 Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...
TYPO3 Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...
TYPO3 Information Disclosure Vulnerability Exploitable by Editors
It has been discovered that editors with access to the file list module could list all file names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account ...
GHSA-F9HR-7CFQ-MJG2 TYPO3 Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...
TYPO3 Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...
PT-2024-40443 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: An issue has been found that allows editors with access to the file list module to list all file names and folder names in the root directory of a TYPO3 installation. However, modification of...