14 matches found
EUVD-2018-2357
Malware in sbrugna...
CVE-2019-20141
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter...
Cross-site scripting
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter...
CVE-2019-20141
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter...
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...
Server Side Request Forgery (SSRF)
concrete5 is susceptible to server side request forgery (SSRF). The vulnerability is possible because of the file replacing function in tools/files/importers/remote.php, which allows scanning the local network and enumerating open TCP ports...
Server-side request forgery (SSRF)
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page...
SQL injection
CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action...
CVE-2018-10283
CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action...
CVE-2018-10283
CVE-2018-10283 affects CliqueMania loja virtual version 14. It is a SQL Injection flaw reachable via the patch/remote.php id parameter in a recomendar action. Multiple sources describe that a remote attacker can exploit the vulnerability to execute SQL commands using the id parameter. The provide...
DokuWiki 'remote.php' remote elevation of privilege vulnerability
DokuWiki is an open source wiki engine program written in PHP. A remote elevation of privilege vulnerability exists in DokuWiki 'remote.php', which can be exploited by a remote attacker to execute arbitrary code with elevated privileges...
CVE-2011-4948
CVE-2011-4948 is a directory traversal vulnerability in EGroupware’s admin/remote.php. Affected products are EGroupware Enterprise Line (EPL) prior to 11.1.20110804-1 and EGroupware Community Edition prior to 1.8.001.20110805. The issue allows remote attackers to read arbitrary files by supplying...
OSClass 2.3.x - Directory Traversal Arbitrary File Upload
OSClass 2.3.x - Directory Traversal Arbitrary File Upload. Source: https://www.securityfocus.com/bid/52336/info
OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload...
OSClass 2.3.x - Directory Traversal / Arbitrary File Upload
Source: https://www.securityfocus.com/bid/52336/info
OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload arbitrary code and run it in the context of the webserver...