34 matches found
UBUNTU-CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
The vulnerability of the file include/page/Article.php in the MediaWiki software, which is used to implement a hypertext environment, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the File/include/page/Article.php script used in implementing the MediaWiki hypertext environment is related to the improper assignment of permissions for the critical resource during the signature request check. Exploiting this vulnerability can allow an attacker operating...
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...
SUSE CVE-2007-0905
PHP before 5.2.1 allows attackers to bypass safemode and openbasedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383...
The vulnerability in the grel.php web interface of the unified console consolidation platform for backup and archiving FUJITSU ETERNUS CS8000 allows a perpetrator to execute arbitrary code and gain elevated privileges.
The vulnerability of the grel.php web interface of the unified console consolidation platform for backup and archiving FUJITSU ETERNUS CS8000 relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain elevated...
CVE-2019-11048
A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service...
CVE-2018-13056
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcmsmain table and then making an img add request. This can be leveraged for database access by deleting install.lock...
WordPress plugin wp-sns-share suffers from a reflected cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A reflective cross-site scripting vulnerability exists in the WordPress plugin wp-sns-share 'index.php' page, which can be exploited by attackers to construct...
HP System Management Homepage < 7.4 Multiple Vulnerabilities
According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is affected by the following vulnerabilities : - A flaw exists within the included cURL that disables the 'CURLOPTSSLVERIFYHOST' check when the setting on 'CURLOPTSSLVERIFYPEER' ...
DEBIAN-CVE-2011-3265
popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter...
security flaw
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...
bblog 0.7.2 cross site scripting
Introduction: Bblog, a blogging system scripted in PHP does not perform sufficient filtering when submitting a blog name. The severity of this flaw however, is low as the required privileges to access the administration panel for bblog is superuser. The problem: The flaw lies in...
Poster version.two index.php Account Manipulation Privilege Escalation
The remote host is running 'poster version.two' a news posting system written in PHP. There is a flaw in this version that allows new users to enter a specially crafted name that could allow them to gain administrative privileges on this installation. %NASLMINLEVEL 70300 C Tenable Network Securit...
Cookie vulnerability in Alguest guestbook (PHP)
Alguest is a guestbook programmed in PHP, there is a major flaw in it which enables any user to access the admin panel. The script can be downloaded from http://www.hotscripts.com/cgi-bin/dload.cgi?ID=14105 It has a flaw in which cookie data isn't properly checked for administrator rights usernam...