484 matches found
WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion
source: https://www.securityfocus.com/bid/55919/info The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive...
YingZhiPython - Directory Traversal / Arbitrary File Upload
source: https://www.securityfocus.com/bid/55685/info An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process. YingZhiPython 1.9 is vulnerable; other versions may also be affected...
YingZhiPython - Directory Traversal Arbitrary File Upload
source: https://www.securityfocus.com/bid/55685/info An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process. YingZhiPython 1.9 is vulnerable;...
WordPress Plugin Cloudsafe365 - file Remote File Disclosure
source: https://www.securityfocus.com/bid/55241/info The Cloudsafe365 plugin for WordPress is prone to a file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability ...
PHP Web Scripts Text Exchange Pro - page Local File Inclusion
source: https://www.securityfocus.com/bid/55205/info PHP Web Scripts Text Exchange Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this...
PHP Web Scripts Text Exchange Pro - 'page' Local File Inclusion
source: https://www.securityfocus.com/bid/55205/info PHP Web Scripts Text Exchange Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of...
PHP Web Scripts Ad Manager Pro - 'page' Local File Inclusion
source: https://www.securityfocus.com/bid/55189/info PHP Web Scripts Ad Manager Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of th...
WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload
source: https://www.securityfocus.com/bid/55175/info The Monsters Editor for the WP Super Edit plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the...
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities
source: https://www.securityfocus.com/bid/55166/info The CiviCRM component for Joomla! is prone to multiple arbitrary file-upload vulnerabilities that allow attackers to upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit these...
WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload
source: https://www.securityfocus.com/bid/55175/info The Monsters Editor for the WP Super Edit plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can...
Vtiger CRM LFI Vulnerability (Aug 2012) - Active Check
Vtiger CRM is prone to a local file include (LFI) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Elastix 2.2.0 - graph.php Local File Inclusion
source: https://www.securityfocus.com/bid/55078/info Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts ...
Elastix 2.2.0 - 'graph.php' Local File Inclusion
source: https://www.securityfocus.com/bid/55078/info Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This...
Getsimple CMS 3.1.2 - 'path' Local File Inclusion
source: https://www.securityfocus.com/bid/54866/info GetSimple is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in...
phpProfiles - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/54660/info phpProfiles is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to execute malicious code within the context of the web server...
isc-dhcp -- multiple vulnerabilities
ISC reports: An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. An...
WordPress Plugin Generic - Arbitrary File Upload
source: https://www.securityfocus.com/bid/54440/info The Generic Plugin for WordPress is prone to an arbitrary-file-upload vulnerability. An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or...
How to troubleshoot CIM hardware monitoring
Challenge: The CIM API allows Veeam products to receive up-to-date information without requesting hardware refreshes, but this requires a separate connection, and if that connection cannot be made, the hardware data will be collected as it was in earlier versions, and request periodic hardware...
CVE-2012-3366
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process bcfg2-server...
CVE-2012-3366
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process bcfg2-server. This is very similar to a flaw discovered last year in a large number of other plugins...