Debian dsa-5830 : smarty4 - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5830 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5830-1 [email protected] https://www.debian.org/security/ Moritz...
WordPress Plugin WP Umbrella: Update Backup Restore & Monitoring Local File Inclusion Vulnerability
WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an add-on application for the platform. A local file inclusion vulnerability exists in the WordPress plugin WP Umbrella: Update Backup Restore &...
Image Access Scan2Net Security Vulnerability
Image Access Scan2Net is scanning software from Image Access (Germany). A security vulnerability exists in Image Access Scan2Net version 7.40 and earlier, version 7.42 and earlier, and version 7.42B and earlier, which stems from a code execution vulnerability that can be remotely exploited i...
Debian dsa-5826 : smarty3 - security update
The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5826 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5826-1 [email protected] https://www.debian.org/securit...
CVE-2024-12209
Summary (CVE-2024-12209): WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to 2.17.0 via the umbrella-restore action’s filename parameter. Unauthenticated attackers can include and execute arbitrary server files, enablin...
CVE-2024-11010
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'defaultlang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, ...
CVE-2024-11289 Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penciarchivemorepostajaxfunc, pencimorepostajaxfunc, and pencimorefeaturedpostajaxfunc. This makes it possible for unauthenticated attackers to include and...
CVE-2024-11429 Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for...
The vulnerability in the Kanboard project management software stems from improper restriction of a pathname to a restricted directory. This allows an attacker to execute arbitrary PHP code on the server and write to files.
The vulnerability in the Kanboard project management software relates to improper restriction of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code on the server and write data to files...
Exploit for CVE-2024-8672
CVE-2024-8672: Authenticated Contributor Remote Code Execution...
CVE-2024-9669
The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
CVE-2024-10898
The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7emailaddonaddadmintemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063
This module integrates webforms with Eloqua, an automated marketing and demand generation software built to improve the quality and quantity of customers' sales leads and streamline their sales processes. In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's...
Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062
This module for Drupal provides complete control of Email settings with Drupal and Mailjet. In certain cases the module doesn't securely pass data to PHP's unserialize function, which could result in Remote Code Execution via PHP Object Injection. This vulnerability is mitigated by the fact that ...
[SECURITY] [DLA 3956-1] smarty3 security update
Debian LTS Advisory DLA-3956-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost November 17, 2024 https://wiki.debian.org/LTS Package : smarty3 Version : 3.1.39-2+deb11u2 CVE ID : CVE-2018-25047 CVE-2023-28447 CVE-2024-35226 Debian Bug : 1019897 1033964 1072530 Multip...
Debian dla-3956 : smarty3 - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3956 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3956-1 [email protected]...
CVE-2024-10571
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060
The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system (public, private, etc.). This module accepts any uploaded file extension, including dangerous file formats, so it can be used to bypass the...
CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...
CVE-2024-51748 Remote code execution through language setting in kanboard
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...