77 matches found
CVE-2018-25071
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to SQL injection. Upgrading to version 0.1.59-beta is able to address this...
SQL injection
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to SQL injection. Upgrading to version 0.1.59-beta is able to address this...
CVE-2018-25071 roxlukas LMeve proxy.php insert_log SQL injection
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to SQL injection. Upgrading to version 0.1.59-beta is able to address this...
CVE-2018-25071
CVE-2018-25071 affects roxlukas LMeve up to 0.1.58. The vulnerability is in the function insert_log of wwwroot/ccpwgl/proxy.php, where manipulation of the fetch parameter enables SQL injection. The issue is mitigated by upgrading to version 0.1.59-beta (patch identified as c25ff7fe83a2cda1fcb365b...
CVE-2021-39413
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) totime parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) socialmedia.php, and (j) reports.php; the (2) fromtime parameter...
Engel & Völkers Technology GmbH: Blind SSRF on infodesk.engelvoelkers.com via proxy.php
Summary: The application has a proxy.php file which basically accepts a parameter via URL query parameter and passes it to fopen. However, it doesn't validate the parameter value prior to passing it to fopen, making it possible to influence what's being done. That said, because of code following...
CVE-2007-6758
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0...
CVE-2007-6758
CVE-2007-6758 describes a Server-Side Request Forgery (SSRF) in feed-proxy.php of ExtJS 5.0.0. Affected component/file: feed-proxy.php; root cause not detailed in available documents beyond SSRF. Impact semantics: CVSS v2 base score 5.0 (MEDIUM) and CVSS v3.1 base score 7.5 (HIGH) with Network ac...
Cross site scripting
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header...
CVE-2013-6880
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header...
CVE-2013-6880
CVE-2013-6880 is an open redirect vulnerability in FlashCanvas’s proxy.php (versions prior to 1.6) that can redirect users to arbitrary sites and enable XSS via the Referer header. Affected: FlashCanvas 1.5 and possibly older; fix: upgrade to FlashCanvas 1.6 or later. The issue status is active i...
Server side request forgery (SSRF)
An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...
UBUNTU-CVE-2019-9642
An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...
CVE-2019-9642
An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...
CVE-2019-9642
CVE-2019-9642 affects pydio-core up to version 8.2.2 in the proxy.php module; an unauthenticated request allows evaluating and executing malicious PHP code via a PoC placed on the fourth line of a .php file, with execution triggered through a crafted proxy.php?hash=../../../../../var/lib/pydio/da...
Trend Micro OfficeScan Proxy Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro OfficeScan. Authentication is required to exploit this vulnerability. The specific flaw exists within the Web Console, which listens on TCP port 4343 by default. When parsing the tr...
Trend Micro OfficeScan 11.0XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro OfficeScan 11.0XG 12.0 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro OfficeScan Remote Code Execution", 'Description' = %q This modul...