
17 matches found

UbuntuCve
added 2024/05/14 3:17 p.m. | 29 views

CVE-2024-29894

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...

CVSS 5.4 | AI score 7.2 | EPSS 0.00162
Exploits: 1 | References: 4
OSV
added 2024/05/14 3:17 p.m. | 0 views

UBUNTU-CVE-2024-29894

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...

CVSS 5.4 | AI score 7.3 | EPSS 0.00162
Exploits: 1 | References: 5
OSV
added 2024/05/13 2:24 p.m. | 16 views

CVE-2024-29894 Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...

CVSS 5.4 | AI score 7.2 | EPSS 0.00162
Exploits: 1 | References: 5
myhack58
added 2018/04/03 12:0 a.m. | 13 views

$_SERVER[SCRIPT_NAME] variable to the value of the injected malicious code - vulnerability warning - the black bar safety net

$_SERVER['SCRIPT_NAME'] variable in the route pass the parameters, can be introduced into the malicious code, which leads to XSS as well as malicious code injection. PS: this article is only for technical discussion and sharing, it is forbidden for any illegal purposes. $_SERVER['SCRIPT_NAME'] variables are...

AI score 7.1
Exploits: 0
0day.today
added 2016/12/16 12:0 a.m. | 498 views

XenForo 1.5.x Remote Code Execution Vulnerability

Exploit for php platform in category web applications XenForo 1.5.x Remote Code Execution Vulnerability 1. ADVISORY INFORMATION ======================= Product: XenForo Vendor URL: xenforo.com Type: Code Injection CWE-94 Date found: 2016-12-09 Date published: 2016-12-15 CVSSv3 Score: 9.3...

AI score 7.1
Exploits: 0
securityvulns
added 2015/05/11 12:0 a.m. | 54 views

Arbitrary Variable Overwrite in eShop WordPress Plugin

Advisory ID: HTB23255 Product: eShop WordPress plugin Vendor: Rich Pedley Vulnerable Versions: 6.3.11 and probably prior Tested Version: 6.3.11 Advisory Publication: April 15, 2015 without technical details Vendor Notification: April 15, 2015 Public Disclosure: May 6, 2015 Vulnerability Type: Cod...

CVSS 4.3 | AI score 0.2 | EPSS 0.0017
Exploits: 2
0day.today
added 2015/05/06 12:0 a.m. | 47 views

WordPress eShop 6.3.11 Code Execution Exploit

High-Tech Bridge Security Research Lab discovered a security vulnerability in the eShop WordPress Plugin, which can be exploited by remote attackers to overwrite arbitrary PHP variables within the context of the vulnerable application. The vulnerability exists due to insufficient validation of...

CVSS 4.3 | AI score 6.8 | EPSS 0.0017
Exploits: 2
myhack58
added 2011/03/10 12:0 a.m. | 15 views

boblog arbitrary variable overwrite vulnerability (a) - vulnerability warning - the black bar safety net

by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com Vulnerability code is as follows: // go.php $qurl=$SERVER"REQUESTURI"; @list$relativePath, $rawURL=@explode'/go.php/', $qurl; $rewritedURL=$rawURL; // from$SERVER"REQUESTURI",can be arbitrarily submitted:...

AI score 0.9
Exploits: 0
OpenVAS
added 2008/09/24 12:0 a.m. | 73 views

Gentoo Security Advisory GLSA 200511-08 (PHP)

The remote host is missing updates announced in advisory GLSA 200511-08. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 7.5 | AI score 0.3 | EPSS 0.65188
Exploits: 0
exploitpack
added 2005/07/30 12:0 a.m. | 10 views

Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass

Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass source: https://www.securityfocus.com/bid/14429/info Ragnarok Online Control Panel (ROCP) is prone to a vulnerability that may let remote attackers bypass user authentication. This issue is related to how PHP variables are handled, letti...

AI score 0.5
Exploits: 0
FreeBSD
added 2004/09/15 12:0 a.m. | 19 views

php -- php_variables memory disclosure

Stefano Di Paola reports: Bad array parsing in php_variables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables...

AI score 3.5
Exploits: 0 | References: 1
CVE
added 2002/03/15 5:0 a.m. | 43 views

CVE-2001-1159

SquirrelMail 1.0.4 and earlier are affected by CVE-2001-1159 due to improper initialization of PHP variables in load_prefs.php and related include files. This allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary PHP code by uploadi...

CVSS 7.5 | AI score 8 | EPSS 0.02402
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2002/03/15 5:0 a.m. | 14 views

CVE-2001-1159

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message...

AI score 7.6 | EPSS 0.02402
Exploits: 0 | References: 4
securityvulns
added 2001/11/27 12:0 a.m. | 29 views

Buffer overflows in IODBC (buffer overflow)

Buffer overflow with a long DSN data source name. The data source is specified through an environment variable, which can lead to a problem, for example in the case of uninitialized PHP variables...

AI score 1.9
Exploits: 0 | References: 1
securityvulns
added 2001/07/26 12:0 a.m. | 44 views

Uninitialized PHP variables in Mambo Site Server (unauthorized access)

A classic PHP error allows unauthorized administrative access...

AI score 1.7
Exploits: 0 | References: 1
securityvulns
added 2001/07/24 12:0 a.m. | 49 views

Hole in Horde IMP (code execution)

Uninitialized PHP variables allow execution of a script supplied by the attacker. In addition, there are other vulnerabilities...

AI score 0.6
Exploits: 0 | References: 2 | Affected Software: 2
NVD
added 2001/07/02 4:0 a.m. | 7 views

CVE-2001-1159

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message...

CVSS 7.5 | AI score 7.6 | EPSS 0.02402
Exploits: 0 | References: 4