950 matches found
CVE-2018-5781
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...
CVE-2018-5780
The CVE-2018-5780 issue affects Mitel Connect ONSITE (versions R1711-PREM and earlier) and Mitel ST (14.2 GA28 and earlier), where an unauthenticated attacker could inject PHP code via crafted requests to vnewmeeting.php, enabling arbitrary PHP execution within the application. Connected CNVD/NVD...
CVE-2018-5782
CVE-2018-5782 affects Mitel Connect ONSITE (ShoreTel) ST14.2 and Mitel ST, specifically versions including and prior to GA28. The vulnerability is in the conferencing component and allows an unauthenticated attacker to inject and execute arbitrary PHP code via crafted requests to vsethost.php, re...
CVE-2018-7448
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure...
CVE-2014-1632
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter...
gps-server.net GPS Tracking Software (self hosted) Remote Code Execution Vulnerability
gps-server.net GPS Tracking Software self hosted is a GPS location tracking program. The program is able to manage tracking history, reports, events, notifications and more. A security vulnerability exists in the 'writeLog' function in the fncommon.php file in gps-server.net GPS Tracking Software...
CVE-2017-1000480
Smarty 3 before 3.1.32 is vulnerable to PHP code injection when calling the fetch or display functions on custom resources that do not sanitize the template name...
CVE-2017-1000480
Smarty 3.x before 3.1.32 is vulnerable to PHP code injection when fetch() or display() are used on custom resources that do not sanitize the template name. Root cause: unsanitized template-name handling in Smarty’s fetch/display paths can lead to arbitrary code execution in PHP contexts. The CVE ...
Cross site request forgery (csrf)
The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
CVE-2017-17098
The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...
EllisLab ExpressionEngine Cross-Site Scripting Vulnerability
EllisLab ExpressionEngine is a content management system (CMS) from the US company EllisLab. It provides web publishing, a template engine, attachment components and other modules. A cross-site scripting vulnerability exists in EllisLab ExpressionEngine version 3.4.2. A remote attacke...
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...
Cross site scripting
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...