webpack-dev-server 安全漏洞

webpack-dev-server is an open-source application developed by webpack. Versions of webpack-dev-server prior to version 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from exposure to cross-origin code. When it provided services through non-potentially trusted sources, suc...

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to external control of file names or paths, allows a perpetrator to load arbitrary PHP scripts and intercept plugin loaders to execute these scripts at will.

The vulnerability of the GLPI system for requests, incidents, and computer equipment inventory management is related to external control of file names or paths. Exploiting this vulnerability allows a malicious actor to load any arbitrary PHP script and intercept the plugin loader to execute that...

BlockDev Sp. Z o.o: load scripts DOS vulnerability

load scripts DOS vulnerability...

CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS

Yesterday Monday, February 5, 2018, a zero-day vulnerability in WordPress core was disclosed, which allows an attacker to perform a denial of service DoS attack against a vulnerable application. The vulnerability exists in the modules used to load JS and CSS files. These modules were designed to...

Exploit for Uncontrolled Resource Consumption in Wordpress

CVE-2018-6389 Wordpress Exploit CVE-2018-6389 Exploit Can Dow...

Directory traversal

Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magicquotesgpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the 1 theme parameter to loadStyles.php and the 2 scripts parameter to javascript/loadScripts.php. NOTE: the...