127 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2006-4473

Malware in sbrugna...

CVSS 10 | AI score 6.1 | EPSS 0.01749
Exploits 0 | References 14

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2008-6701

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00322
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-0448

Malware in sbrugna...

CVSS 10 | AI score 6.1 | EPSS 0.0276
Exploits 1 | References 5

RedhatCVE
added 2025/05/23 6:45 a.m. | 2 views

CVE-2024-52778

DCME-320 =7.4.12.90, DCME-520 =9.25.5.11, DCME-320-L =9.3.5.26, and DCME-720 =9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/monstathist.php...

CVSS 9.8 | AI score 9.7 | EPSS 0.02736
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 1:43 a.m. | 4 views

CVE-2010-5066

The createRandomPassword function in includes/functionscommon.php in Virtual War aka VWar 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack...

CVSS 4.3 | AI score 7 | EPSS 0.0025
Exploits 1 | References 1

RedhatCVE
added 2025/02/05 6:15 p.m. | 3 views

CVE-2019-25217

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...

CVSS 9.8 | AI score 8.5 | EPSS 0.09631
Exploits 0 | References 1

OSV
added 2024/08/08 2:52 p.m. | 13 views

CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...

CVSS 8.3 | AI score 6.7 | EPSS 0.00429
Exploits 0 | References 7

OSV
added 2024/07/30 7:15 a.m. | 0 views

CVE-2024-7222

A vulnerability, which was classified as critical, was found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /home.php. The manipulation of the argument type leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVSS 9.8 | AI score 6.5
Exploits 0 | References 4

OSV
added 2024/06/07 10:25 p.m. | 9 views

GHSA-MG4X-PRH7-G4MX Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, Zend_Captcha_Word v1 and Zend\Captcha\Word v2 generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand function. This function does not generate...

CVSS 7.5 | AI score 6.6
Exploits 0 | References 5

OSV
added 2023/10/26 3:15 p.m. | 26 views

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

CVSS 8.1 | AI score 6.9 | EPSS 0.00194
Exploits 1 | References 2

NVD
added 2023/10/26 3:15 p.m. | 20 views

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

CVSS 8.1 | AI score 7.9 | EPSS 0.00291
Exploits 1 | References 2

Prion
added 2023/10/26 3:15 p.m. | 13 views

Directory traversal

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

CVSS 5.5 | AI score 6.4 | EPSS 0.00291
Exploits 2 | References 2 | Affected Software 1

Cvelist
added 2023/10/26 12:0 a.m. | 26 views

CVE-2023-45868

The Learning Module in ILIAS 7.25 2023-09-12 release allows an attacker with basic user privileges to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside...

AI score 8.1 | EPSS 0.00291
Exploits 1 | References 2

ATTACKERKB
added 2023/10/17 8:15 p.m. | 0 views

CVE-2023-45951

lylmespage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php...

CVSS 9.8 | AI score 5.9 | EPSS 0.00196
Exploits 1 | References 2

GithubExploit
added 2023/05/17 11:20 a.m. | 403 views

Exploit for Command Injection in Sophos Web_Appliance

Сve-2023-1671 How does cve-2023-1671https://vulners.com/c...

CVSS 9.8 | AI score 9.8 | EPSS 0.94296
Exploits 10

OSV
added 2023/04/17 11:15 a.m. | 14 views

CVE-2023-2017

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

CVSS 8.8 | AI score 9.4
Exploits 0 | References 3

NVD
added 2023/04/17 11:15 a.m. | 12 views

CVE-2023-2017

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

CVSS 8.8 | AI score 9.6 | EPSS 0.02271
Exploits 1 | References 3

Prion
added 2023/04/17 11:15 a.m. | 13 views

Input validation

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

CVSS 6.5 | AI score 9.1 | EPSS 0.02406
Exploits 1 | References 3 | Affected Software 1

Veracode
added 2023/01/20 3:49 a.m. | 40 views

Remote Code Execution

shopware is vulnerable to Remote Code Execution RCE. An attacker with access to a Twig environment is able to use templates to call any global PHP function with filters such as map, filter, and sort, which allows an attacker to upload and execute malicious code on the system...

CVSS 9.9 | AI score 9 | EPSS 0.02406
Exploits 0 | References 4 | Affected Software 2

NVD
added 2023/01/17 10:15 p.m. | 10 views

CVE-2023-22731

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...

CVSS 9.9 | AI score 9.3 | EPSS 0.02406
Exploits 0 | References 3