894 matches found
WordPress Button Generator <2.3.3 - Remote File Inclusion
WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions as well as with data:// or http:// protocols, thus leading to cross-site request forgery and remote code execution. id: CVE-2021-25052 info: name: WordPress Button...
CVE-2024-4498 Path Traversal and RFI Vulnerability in parisneo/lollms-webui
A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the discussion_db_name...
CVE-2024-20405
CVE-2024-20405 affects Cisco Finesse, specifically the web-based management interface. The flaw arises from insufficient input validation for HTTP requests, enabling an unauthenticated, remote attacker to perform a stored XSS by exploiting a remote file inclusion (RFI) vulnerability. A crafted li...
wifi: iwlwifi: mvm: rfi: fix potential response leaks
...
CVE-2023-52740
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can flip the interrupt_exit_not_reentrant static branch condition concurrently with the interrupt exit code...
CVE-2023-52740
The CVE-2023-52740 issue affects the Linux kernel on powerpc64s where a race occurs during interrupt exit with security mitigations (RFI/STF). The root cause is that the interrupt_exit_not_reentrant condition can be flipped concurrently with the interrupt exit tests that set MSR[EE|RI], and then ...
CVE-2024-35912
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...
CVE-2024-35912
Technical details about CVE-2024-35912 are not provided in the connected documents. No information on affected products/versions/vulnerability specifics is available here; monitor for updates from vendor/security advisories.
CVE-2024-35912 wifi: iwlwifi: mvm: rfi: fix potential response leaks
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...
curl: Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.
Vulnerability description not provided...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...
[SECURITY] [DLA 3744-1] python-django security update
Debian LTS Advisory DLA-3744-1 https://www.debian.org/lts/security/ Chris Lamb February 29, 2024 https://wiki.debian.org/LTS ...
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...
CVE-2024-0315
CVE-2024-0315 affects FireEye/Central Management (version 9.1.1.956704). A remote file inclusion flaw in the report creation workflow allows an attacker to upload a malicious PDF to the system. Documented impact indicates high confidentiality, integrity, and availability risks (per CVSS details i...
Waf-Bypass - Check Your WAF Before An Attacker Does
WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...
K25521404: Node.js netmask vulnerability CVE-2021-28918 and CVE-2021-29418
Security Advisory Description CVE-2021-28918 Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypa...
Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi Date: 14-08-2022 Exploit Author: Rizacan Tufan Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated Software Link: https://wordpress.org/plugins/zephyr-project-manager/...
CVE-2022-40089
The CVE-2022-40089 entry concerns Simple College Website v1.0 vulnerable to Remote File Inclusion (RFI) via a crafted PHP file when allow_url_include is On. Affected component: the Simple College Website application; root cause: RFI enabling arbitrary code execution. Impact stated in sources: rem...
IBM Cognos Analytics Multiple Vulnerabilities (6616285)
The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the following: - The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed ...