Hono 安全漏洞

Hono is a web framework written in TypeScript from the Hono community. A security vulnerability exists in Hono versions prior to 4.2.7, which stems from using serveStatic with deno to traverse the directory where main.ts is located, potentially retrieving unexpected files...

CVE-2021-29641

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...

CVE-2019-15519

Power-Response before 2019-02-02 allows directory traversal up to the application's main directory via a plugin...

CVE-2018-20159

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...

CVE-2007-1458

Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 inccheckdatelang.php, 2 inccharsetfx.php, 3 incconfigcolor.php, 4 inccurrencyset.php, 5 incdbmakelink.php, 6 incdiagnosticsreportfx.php, 7...

PPC Search Engine 1.61 - INC Multiple Remote File Inclusions

PPC Search Engine 1.61 - INC Multiple Remote File Inclusions ============================ HItamputih Crew ==================== hitamputih Advisory Discovered By : IbnuSina ----------------------------------------------------------- script demo: http://www.hyper-scripts.com/demo/ppc/ Risk : very...