7203 matches found

OSV
added 2021/08/09 8:39 p.m., 23 views

GHSA-CH3R-VP46-8G22 Code injection in topthink/think

A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

9.8 CVSS, 9.9 AI score, 0.02228 EPSS
Exploits: 1, References: 3

GitHub Security Blog
added 2021/08/09 8:39 p.m., 52 views

Code injection in topthink/think

A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

9.8 CVSS, 9.8 AI score, 0.02228 EPSS
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2021/08/02 12:0 a.m., 2 views

The vulnerability of the config/configuration.php component of the VoIPmonitor traffic analyzer allows an attacker to execute arbitrary PHP code.

The vulnerability of the config/configuration.php component of the VoIPmonitor traffic analyzer is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary PHP code...

10 CVSS, 0.93253 EPSS
Exploits: 5, References: 5, Affected Software: 1

Huntr
added 2021/07/30 11:12 a.m., 7 views

Use of a Broken or Risky Cryptographic Algorithm in hdinnovations/unit3d-community-edition

✍️ Description The referenced code block uses PHP's native md5 and uniqid functions to generate the attributes named passkey and rsskey - both of which are to be considered cryptographically insecure due to their usage of uniqid which is not to be considered cryptographically secure. 🕵️‍♂️ Proof of...

1 AI score
Exploits: 0

NVD
added 2021/07/26 8:15 p.m., 7 views

CVE-2020-17952

A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

9.8 CVSS, 0.02228 EPSS
Exploits: 1, References: 1

Prion
added 2021/07/26 8:15 p.m., 16 views

Remote code execution

A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

7.5 CVSS, 9.9 AI score, 0.02228 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/07/26 7:48 p.m., 12 views

CVE-2020-17952

A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

10 AI score, 0.02228 EPSS
Exploits: 1, References: 1

CVE
added 2021/07/26 7:48 p.m., 79 views

CVE-2020-17952

CVE-2020-17952 describes a remote code execution in Twothink v2.0 due to a vulnerability in the file path /library/think/App.php. The vulnerability allows an attacker to execute arbitrary PHP code on the affected system. The public documentation consistently identifies this as an RCE risk without...

9.8 CVSS, 9.9 AI score, 0.02228 EPSS
Exploits: 1, References: 1, Affected Software: 1

CNVD
added 2021/07/21 12:0 a.m., 12 views

Portlandlabs Concrete5 code issue vulnerability

Portlandlabs Concrete5 is an open source content management system (CMS) from PortlandLabs, U.S. Portlandlabs concrete5 suffers from a code issue vulnerability that stems from insecure input validation. An attacker could exploit this vulnerability to pass specially designed data to the...

7.2 CVSS, 5.2 AI score, 0.01543 EPSS
Exploits: 1, References: 1

CVE
added 2021/07/16 10:34 a.m., 60 views

CVE-2021-21804

Advantech R-SeeNet v2.4.12 contains a local file inclusion (LFI) in options.php where unsanitized user input ($sub_opt) is passed to include, enabling arbitrary PHP code execution. The TALOS writeup confirms an exploitable path via crafted HTTP requests (example uses php://filter to read config.i...

9.8 CVSS, 9.3 AI score, 0.27808 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/07/16 10:34 a.m., 13 views

CVE-2021-21804

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability...

8.1 CVSS, 9.6 AI score, 0.27808 EPSS
Exploits: 1, References: 1

CNVD
added 2021/07/16 12:0 a.m., 22 views

Advantech R-SeeNet File Inclusion Vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet suffers from a file inclusion vulnerability, which stems from the failure ...

9.8 CVSS, 2.5 AI score, 0.27808 EPSS
Exploits: 1, References: 1

Talos
added 2021/07/15 12:0 a.m., 238 views

Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability

Summary: A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...

9.8 CVSS, 8.9 AI score, 0.27808 EPSS
Exploits: 1

CNNVD
added 2021/07/15 12:0 a.m., 0 views

Advantech R-SeeNet security vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet suffers from a file inclusion vulnerability, which stems from the failure ...

9.8 CVSS, 6.4 AI score, 0.27808 EPSS
Exploits: 1, References: 3

Rosalinux
added 2021/07/02 4:34 p.m., 18 views

Advisory ROSA-SA-2021-1809

Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...

8.8 CVSS, 6.8 AI score, 0.60269 EPSS
Exploits: 12

Packet Storm
added 2021/06/25 12:0 a.m., 424 views

Seeddms 5.1.10 Remote Command Execution

Exploit Title: Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated) Date: 25/06/2021 Exploit Author: Bryan Leong Vendor Homepage: https://www.seeddms.org/index.php?id=2 Software Link: https://sourceforge.net/projects/seeddms/files/seeddms-5.0.11/ Version: Seeddms 5.1.10 Tested on: Windows ...

6 CVSS, 7.5 AI score, 0.32766 EPSS
Exploits: 9

0day.today
added 2021/06/25 12:0 a.m., 64 views

Seeddms 5.1.10 - Remote Command Execution (Authenticated) Exploit

Exploit Title: Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated) Exploit Author: Bryan Leong Vendor Homepage: https://www.seeddms.org/index.php?id=2 Software Link: https://sourceforge.net/projects/seeddms/files/seeddms-5.0.11/ Version: Seeddms 5.1.10 Tested on: Windows 7 x64 CVE:...

7.5 CVSS, 0.32766 EPSS
Exploits: 9

Friends Of PHP
added 2021/06/23 11:56 p.m., 22 views

TOCTOU Race Condition enabling remote code execution

Impact: The whitespace normalisation used in 1.x and 2.x removes any Unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions: - A user is allowed to supply the path or filename of an uploaded file. - The supplied...

9.8 CVSS, 9.1 AI score, 0.07327 EPSS
Exploits: 2, Affected Software: 1

NVD
added 2021/06/17 4:15 p.m., 17 views

CVE-2013-20002

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework before 1.2.2 wp-content/themes/elemin/themify/themify-ajax.php file...

9.8 CVSS, 0.04544 EPSS
Exploits: 1, References: 4

Prion
added 2021/06/17 4:15 p.m., 15 views

Code injection

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework before 1.2.2 wp-content/themes/elemin/themify/themify-ajax.php file...

7.5 CVSS, 8.1 AI score, 0.04544 EPSS
Exploits: 1, References: 4, Affected Software: 1