31 matches found
CVE-2026-48241
Open ISES Tickets before 3.44.2 stores MySQL credentials in loader.php as hardcoded values committed to the source tree. This allows any reader of the public source or an unauthenticated read on a deployed install to obtain username, password, and database name and potentially connect to the data...
tickets trust management issue vulnerability
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from hardcoding MySQL database credentials in the loader.php file and submittin...
EUVD-2022-29790
Malicious code in bioql PyPI...
CVE-2022-25046
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request...
GHSA-X38C-V778-W56M ICEcoder Path Traversal vulnerability
ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php...
CVE-2024-41373
ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php...
CVE-2024-41373
ICEcoder 8.1 is affected by a Path Traversal vulnerability via lib/backup-versions-preview-loader.php (CVE-2024-41373). All connected sources consistently identify the issue as a path traversal in that file. The documentation does not explicitly detail impact vectors, affected configurations, or ...
Improper Access Control
moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists in parsefileinformationfromurl function of lang.php and loader.php due to improper folder restrictions which allows an attacker to send a specially crafted HTTP request and create arbitrary folders on the system...
Path traversal
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request...
CWP Panel path traversal vulnerability
CWP Panel is a modern and advanced Linux control panel from CWP Inc. It is intended for web hosting service providers and system administrators. A security vulnerability exists in CWP Panel version v0.9.8.1122, which stems from a path traversal vulnerability in loader.php. An attacker can exploit...
PT-2022-17062 · Cwp · Cwp
Name of the Vulnerable Software and Affected Versions: CWP version 0.9.8.1122 Description: A path traversal vulnerability in loader.php allows attackers to execute arbitrary code via a crafted POST request. Recommendations: For CWP version 0.9.8.1122, consider disabling the loader.php file until ...
MTN Group: [mtn.com.af] Multiple vulnerabilities allow to Application level DoS
Issue Description: Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times. The vulnerability is registered as CVE-2018-6389 76172...
MTN Group: CVE-2018-6389 exploitation - using scripts loader
Issue Description: Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times. The vulnerability is registered as CVE-2018-6389 76172...
CVE-2011-4938
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php...
CVE-2011-4938
CVE-2011-4938 affects Ariadne 2.7.6, with multiple XSS vulnerabilities that allow remote injection of arbitrary web script or HTML via PATH_INFO to index.php and loader.php. The vulnerability is caused by improper handling of PATH_INFO inputs, leading to script execution under the context of the ...