
11 matches found

OSV
added 2025/04/25 3:15 p.m. · 0 views

UBUNTU-CVE-2025-32044

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the...

CVSS 7.5 · AI score 5.7 · EPSS 0.0014
Exploits 0 · References 4
Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2013-6501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier...

CVSS 4.6 · AI score 7.1 · EPSS 0.00052
Exploits 0 · References 3
OSV
added 2024/07/28 4:15 p.m. · 3 views

CVE-2024-7162

A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched...

CVSS 5.4 · AI score 3.8
Exploits 0 · References 4
Veracode
added 2024/06/04 6:23 a.m. · 4 views

Insecure Deserialization

typo3/cms-form is vulnerable to Insecure Deserialization. The vulnerability is due to the PECL package "yaml" with the PHP setting yaml.decode_php enabled, which allows an attacker to deserialize arbitrary YAML to PHP code. An attacker must have a valid backend user account as well yaml.decode_php...

AI score 7.1
Exploits 0
Github Security Blog
added 2024/05/30 2:52 p.m. · 11 views

TYPO3 CMS Insecure Deserialization

It has been discovered that the Form Framework system extension form is vulnerable to Insecure Deserialization when being used with the additional PHP PECL package yaml, which is capable of unserializing YAML contents to PHP objects. A valid backend user account as well as having PHP setting...

AI score 7
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/03/09 12:0 a.m. · 3 views

PT-2022-2581 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.30. Description: The issue is related to the Admin CP's Settings management module, which does not validate setting types correctly on insertion and update. This allows an attacker to add settings of supported type p...

CVSS 9 · AI score 7.2 · EPSS 0.82413
Exploits 9 · References 20
seebug.org
added 2014/07/01 12:0 a.m. · 11 views

KTP Computer Customer Database CMS 1.0 - Local File Inclusion Vulnerability

No description provided by source.

AI score 7.1
Exploits 0
0day.today
added 2013/07/16 12:0 a.m. · 82 views

Saurus CMS 4.7.1 Multiple Vulnerabilities

Saurus CMS version 4.7.1 suffers from cross site scripting, remote file inclusion, local file inclusion, information disclosure, remote SQL injection, HTTP response splitting, cross site request forgery, and directory traversal vulnerabilities. Saurus CMS 4.7.1 LFI / RFI / XSS / SQL Injection /...

AI score 7.2
Exploits 0
exploitpack
added 2013/07/16 12:0 a.m. · 25 views

Saurus CMS 4.7.1 - Multiple Vulnerabilities

waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1. Author: Janek Vind "waraxe". Date: 14. July 2013. Location: Estonia, Tartu. Web:...

AI score 0.4
Exploits 0
Tenable Nessus
added 2008/06/30 12:0 a.m. · 24 views

nBill component for Joomla! 'cid' Parameter SQLi

The version of the nBill (also known as netinvoice) component for Joomla! and Mambo running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'cid' parameter before using it to construct database queries. Regardless of the PHP...

CVSS 7.5 · AI score 5.7 · EPSS 0.00877
Exploits 0 · References 1
Tenable Nessus
added 2007/01/12 12:0 a.m. · 294 views

WordPress Trackback 'wp-trackback.php' 'tb_id' Parameter SQL Injection

The version of WordPress on the remote host fails to properly sanitize input to the 'tb_id' parameter of the 'wp-trackback.php' script before using it in database queries. An unauthenticated, remote attacker can leverage this issue to launch SQL injection attacks against the affected application,...

CVSS 7.5 · AI score 5.9 · EPSS 0.11179
Exploits 0 · References 2