EUVD-2020-11268

Malware in sbrugna...

EUVD-2005-4089

Malware in sbrugna...

EUVD-2007-4801

Malware in sbrugna...

EUVD-2005-1449

Malware in sbrugna...

EUVD-2006-2498

Malware in sbrugna...

EUVD-2020-26739

Malware in sbrugna...

CVE-2025-34111

An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector connector.minimal.php, which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The...

CVE-2021-24375

Lack of authentication or validation in motorloadmore, motorgalleryloadmore, motorquickview and motorprojectquickview AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php script...

CVE-2020-5577

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...

CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

Arbitrary file upload vulnerability in earcms uplog.php

Ear Music Ear Music is an interface using Discuz backend style and UCHome user center style combined with the core by the high-speed template engine and caching mechanism and other frameworks coexist PHP open source music system. earcms uplog.php arbitrary file upload vulnerability , attackers ca...

Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution

============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby CMS = 2.1.0 CSRF Content Upload and PHP Script Execution II. BACKGROUND...

Kirby CMS multi-vulnerability analysis-vulnerability warning-the black bar safety net

Kirby CMS is an easy to use, easy to install and setup is very flexible CMS system, no database support, the use of file system storage. Support Markdown grammar, templates and plug-ins. Vulnerability details In Kirby CMS found two vulnerabilities: 1. By path traversal authentication bypass 2. Th...

All Enthusiast PhotoPost PHP Pro 5.0 adm-photo.php Arbitrary Image Manipulation

No description provided by source. source: http://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPo...

eYou /php/ip_status.php 命令执行漏洞

No description provided by source...

[SECURITY] [DSA 2610-1] ganglia security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2610-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 21, 2013 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2610-1 (ganglia - arbitrary script execution)

Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. OpenVAS Vulnerability Test $Id: deb2610.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2610-1 using...

Debian: Security Advisory (DSA-2610-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)

A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...