Exploit for CVE-2020-1938

Tomcat Ghostcat CVE-2020-1938 / CNVD-2020-10487 Vulnerabilit...

CVE-2025-62753

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MadrasThemes MAS Videos masvideos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through = 1.3.4...

EUVD-2012-2928

Malware in sbrugna...

EUVD-2013-2039

Malware in sbrugna...

EUVD-2020-28597

Malware in sbrugna...

EUVD-2023-58280

Malicious code in bioql PyPI...

EUVD-2023-2887

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-5550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server...

Linux Distros Unpatched Vulnerability : CVE-2024-34005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity...

Linux Distros Unpatched Vulnerability : CVE-2024-34002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules...

Linux Distros Unpatched Vulnerability : CVE-2024-34004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and...

USN-7366-2 ruby-rack vulnerabilities

USN-7366-1 fixed vulnerabilities in Rack. This update provides the corresponding updates for Ubuntu 25.04. Original advisory details: Nhật Thái Đỗ discovered that Rack incorrectly handled certain usernames. A remote attacker could possibly use this issue to perform CRLF injection. CVE-2025-25184...

CVE-2023-6013

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack...

CVE-2023-2249

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of filegetcontents without appropriate verification of the data being supplied to the function...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

BIT-MOODLE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

BIT-MOODLE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

WordPress plugin Ray Enterprise Translation 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Moodle 4.3.x < 4.3.3 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...

Moodle < 4.1.10 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...