1161 matches found
CVE-2024-22076
MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface...
PT-2023-24995 · Unknown · Simplephpscripts Event Script
Name of the Vulnerable Software and Affected Versions: SimplePHPscripts Event Script version 2.1. Description: A vulnerability was found in the file preview.php of the component URL Parameter Handler, which leads to cross-site scripting. The attack may be launched remotely. Recommendations: For...
Privilege Escalation from customer to root
Privilege Escalation from Customer to Root First of all, sorry for the formatting of the report, but this platform is a mess. I can't attach any PoC files added chapters at the end of the report instead, can't attach any screenshots, nor provide a report as PDF. And btw markdown is only partly...
CVE-2022-22246
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack...
Remote Code Execution (RCE)
ldap-account-manager:sid is vulnerable to remote code execution. LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf...
Arbitrary Code Execution
ldap-account-manager is vulnerable to arbitrary code execution. The vulnerability exists due to object instantiation, which allows an attacker to inject and execute arbitrary PHP scripts...
CVE-2022-31086
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the...
CVE-2022-31086 Incorrect Regular Expressions in ldap-account-manager
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the...
CVE-2022-31087 Incorrect Default Permissions in ldap-account-manager
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...
CVE-2022-31087
CVE-2022-31087 affects LDAP Account Manager (LAM). The underlying issue is that in versions prior to 8.0 the tmp directory under /lam/tmp/ is capable of interpreting PHP files, enabling a writer with www-data privileges to place a web shell and achieve code execution on the host. The accepted rem...
CVE-2022-31087
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...
CVE-2022-2102
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file...
CVE-2022-2102 Secheron SEPCOS Control and Protection Relay
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file...
CVE-2022-2102
CVE-2022-2102 affects Secheron SEPCOS Control and Protection Relay. Controls that limit uploads by file extension can be bypassed, enabling an attacker to intercept the initial upload response, modify code, and trigger arbitrary file uploads to a location where PHP scripts may execute. Affected firmwa...
Yii PHP Framework arbitrary PHP scripts execution
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
GHSA-74QV-RV53-5WCX Yii PHP Framework arbitrary PHP scripts execution
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...