
7195 matches found

Vulnrichment
added 2023/08/22 12:0 a.m., 36 views

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth allows a zero as the password...

AI score 7.1, EPSS 0.00068
Exploits 1, References 2

Debian CVE
added 2023/08/22 12:0 a.m., 13 views

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth allows a zero as the password...

CVSS 5.3, AI score 5.5, EPSS 0.00068
Exploits 1

The Hacker News
added 2023/08/14 1:14 p.m., 68 views

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source...

CVSS 10, AI score 8.1, EPSS 0.93696
Exploits 5

Veracode
added 2023/07/25 7:14 a.m., 47 views

Remote Code Execution (RCE)

nilsteampassnet/teampass is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to a lack of restrictions on certain input fields, which are inserted directly into tp.config.php, allowing an attacker to inject and execute malicious PHP code...

CVSS 7.2, AI score 7.6, EPSS 0.00213
Exploits 1, References 5, Affected Software 1

Packet Storm
added 2023/07/11 12:0 a.m., 357 views

ILIAS eLearning Platform XSS / Remote Code Execution

SEC Consult Vulnerability Lab Security Advisory. title: Multiple high risk vulnerabilities; product: ILIAS eLearning platform; vulnerable version: see section "Vulnerable version" below; fixed version: see section "Solution" belo...

AI score 7.1
Exploits 0

OSV
added 2023/07/07 7:15 p.m., 13 views

CVE-2023-36994

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...

CVSS 9.8, AI score 7.1
Exploits 0, References 1

OSV
added 2023/07/07 7:15 p.m., 18 views

CVE-2023-36992

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...

CVSS 7.2, AI score 7.9
Exploits 0, References 1

NVD
added 2023/07/07 7:15 p.m., 7 views

CVE-2023-36994

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...

CVSS 9.8, AI score 9.5, EPSS 0.00149
Exploits 1, References 1

Prion
added 2023/07/07 7:15 p.m., 16 views

Code injection

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...

CVSS 5.8, AI score 7.3, EPSS 0.00429
Exploits 1, References 1, Affected Software 1

Prion
added 2023/07/07 7:15 p.m., 11 views

Code injection

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...

CVSS 7.5, AI score 9.4, EPSS 0.00149
Exploits 1, References 1, Affected Software 1

Vulnrichment
added 2023/07/07 12:0 a.m., 6 views

CVE-2023-36992

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...

AI score 7.6, EPSS 0.00429
Exploits 1, References 1

CNNVD
added 2023/07/07 12:0 a.m., 2 views

TravianZ security vulnerability

TravianZ is a free-to-play, in-browser, web-based strategy game from Travian, a German company. A security vulnerability exists in TravianZ versions 8.3.4 and 8.3.3, which stems from incorrect access control. An attacker could exploit the vulnerability to override the server configuration and inject...

CVSS 9.8, AI score 8.5, EPSS 0.00149
Exploits 1, References 2

Cvelist
added 2023/07/07 12:0 a.m., 14 views

CVE-2023-36994

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...

AI score 9.7, EPSS 0.00149
Exploits 1, References 1

CVE
added 2023/07/07 12:0 a.m., 33 views

CVE-2023-36994

CVE-2023-36994 concerns TravianZ versions 8.3.3 and 8.3.4, where an incorrect access control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. The description in multiple sources confirms the root cause as incorrect access control within the ...

CVSS 9.8, AI score 9.4, EPSS 0.00149
Exploits 1, References 1, Affected Software 1

NVD
added 2023/07/06 2:15 p.m., 9 views

CVE-2020-21861

File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary PHP code via duxcms/AdminUpload/upload...

CVSS 8.8, AI score 9, EPSS 0.00103
Exploits 1, References 1

NVD
added 2023/06/20 3:15 p.m., 8 views

CVE-2020-20918

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary PHP code via the hidden parameter to admin.php when editing a page...

CVSS 7.2, AI score 7.3, EPSS 0.00321
Exploits 1, References 1

Prion
added 2023/06/20 3:15 p.m., 12 views

Code injection

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary PHP code via the hidden parameter to admin.php when editing a page...

CVSS 5.8, AI score 7.2, EPSS 0.00321
Exploits 1, References 1, Affected Software 1

Cvelist
added 2023/06/20 12:0 a.m., 15 views

CVE-2020-20918

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary PHP code via the hidden parameter to admin.php when editing a page...

AI score 7.2, EPSS 0.00321
Exploits 1, References 1

Hacker One
added 2023/06/19 9:3 p.m., 16 views

Invision Power Services, Inc.: XSS with Visual Language Editor tags

A security vulnerability allowed an attacker to execute arbitrary code on a website by exploiting the Visual Language Editor tags. By injecting malicious code into a post or comment, the attacker could gain full control of the website and its data. The vulnerability has been patched...

AI score 8.2
Exploits 0

NVD
added 2023/06/17 10:15 p.m., 11 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

CVSS 8.8, AI score 8.7, EPSS 0.00353
Exploits 2, References 3