SUSE CVE-2008-1891

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...

Exploit for CVE-2022-26646

Tittle: Online Banking System LFI. Author: Erik451 C...

GOautodial 路径遍历漏洞

GOautodial is a next-generation open source omnichannel contact center suite. GOautodial suffers from a security vulnerability that stems from the software taking a user-supplied action parameter and attaching a php file extension to locate and load the correct PHP file, but not filtering and...

PT-2020-18753 · Artica · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS version 7.0NG.742 FIX PERL2020 Description: The issue allows authenticated administrators to upload malicious PHP scripts and execute them via base64 decoding of the file location. This is achieved through the...

httpd: privilege escalation from modules scripts

A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process usually root. An attacker having access to run arbitrary scripts on the web server PHP, CGI etc could use this flaw to run code on the...

httpd: privilege escalation from modules scripts

A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process usually root. An attacker having access to run arbitrary scripts on the web server PHP, CGI etc could use this flaw to run code on the...

UBUNTU-CVE-2019-8937

HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mesefine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizzatabelle.php...

CVE-2017-8836

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious...

ProjeQtor 4.5.2 Shell Upload Vulnerability

Exploit for php platform in category web applications Vulnerability title: Arbitrary File Upload In ProjeQtor CVE: Not yet assigned Vendor: ProjeQtor Product: ProjeQtor Affected version: 4.5.2 Fixed version: 4.5.3 Reported by: Arturo Rodriguez Details: It was discovered that authenticated users...

ProjeQtor 4.5.2 Shell Upload

Vulnerability title: Arbitrary File Upload In ProjeQtor CVE: Not yet assigned Vendor: ProjeQtor Product: ProjeQtor Affected version: 4.5.2 Fixed version: 4.5.3 Reported by: Arturo Rodriguez Details: It was discovered that authenticated users were able to upload files with extensions: php3, php4,...

ADA IMGSVR 0.4 - Remote File Download Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10027/info A vulnerability has been reported in the ImgSvr server software that may allow a remote user to the retrieve arbitrary files from the web server root directory and any subdirectories therein. An attacker may...

libgdDoS.txt

Introduction --------------- from GD is an open source code library for the dynamic creation of images by programmers. GD is written in C, and "wrappers" are available for Perl, PHP and other languages. GD creates PNG, JPEG and GIF images, among other formats. GD is commonly used to generate...

libgd 2.0.33 infinite loop in GIF decoding ?

Introduction --------------- from http://www.boutell.com/gd/ GD is an open source code library for the dynamic creation of images by programmers. GD is written in C, and "wrappers" are available for Perl, PHP and other languages. GD creates PNG, JPEG and GIF images, among other formats. GD is...