
17 matches found

Positive Technologies
added 2026/05/10 12:0 a.m. | 6 views

PT-2026-39473

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add post parameter,...

CVSS 8.8 | AI score 6.1 | EPSS 0.00347
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/10 12:0 a.m. | 2 views

PT-2026-32013

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, has an issue where the PlatformConfigurationController::decodeSettingArray method uses PHP's eval function to process platform settings retrieved...

CVSS 8.8 | AI score 6.2 | EPSS 0.00319
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-5024

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.02029
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-12387

Malware in sbrugna...

CVSS 8.8 | AI score 6.7 | EPSS 0.01594
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 3:12 p.m. | 3 views

CVE-2020-12736

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local non-SSO user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator enter...

CVSS 7.2 | AI score 7.6 | EPSS 0.02029
Exploits: 0

OSV
added 2021/02/12 9:15 p.m. | 1 view

CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

CVSS 9.9 | AI score 7.4 | EPSS 0.0115
Exploits: 1 | References: 1

CVE
added 2021/01/21 1:40 p.m. | 51 views

CVE-2020-26295

OpenMage (Magento CE fork) is affected in versions before 19.4.10 and 20.0.5. An administrator with permissions to import/export data and edit CMS pages could inject an executable file on the server via layout XML. The issue is fixed in 19.4.10 and 20.0.5; upgrade to these versions or later to re...

CVSS 8.7 | AI score 7.1 | EPSS 0.01782
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2020/07/07 8:15 p.m. | 11 views

Code injection

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local non-SSO user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator enter...

CVSS 6.5 | AI score 7.3 | EPSS 0.02029
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2018/11/13 3:29 p.m. | 19 views

Code injection

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 6.5 | AI score 8.2 | EPSS 0.01594
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2018/11/13 3:29 p.m. | 14 views

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 8.8 | AI score 5.8 | EPSS 0.01594
Exploits: 0 | References: 3

Cvelist
added 2018/11/13 3:0 p.m. | 16 views

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 4.3 | AI score 8.5 | EPSS 0.01594
Exploits: 0 | References: 3

CVE
added 2018/11/13 3:0 p.m. | 40 views

CVE-2018-1808

CVE-2018-1808 affects IBM WebSphere Commerce versions 9.0.0.0 through 9.0.0.6, where inadequate input control could allow server-side code injection. The trusted sources in the provided documents identify the impact as server-side code injection, with the NVD listing CVSS3 base score 8.8 (HIGH) a...

CVSS 8.8 | AI score 8.4 | EPSS 0.01594
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/11/17 5:29 a.m. | 1 view

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

CVSS 5.4 | AI score 5.7 | EPSS 0.00511
Exploits: 0 | References: 1

Tenable Nessus
added 2013/07/12 12:0 a.m. | 30 views

Oracle Linux 5 : squirrelmail (ELSA-2009-1066)

The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-1066 advisory. - fix broken patch for CVE-2009-1579 - fix broken patch for CVE-2009-1579 - fix: CVE-2009-1581 : CSS positioning vulnerability - fix: CVE-2009-1579 :...

CVSS 6.8 | AI score 7.5 | EPSS 0.03399
Exploits: 1 | References: 4

OpenVAS
added 2011/08/09 12:0 a.m. | 23 views

CentOS Update for squirrelmail CESA-2009:1066 centos3 i386

Check for the Version of squirrelmail OpenVAS Vulnerability Test CentOS Update for squirrelmail CESA-2009:1066 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 6.8 | AI score 0.4 | EPSS 0.03399
Exploits: 1 | References: 2

OpenVAS
added 2009/06/05 12:0 a.m. | 21 views

RedHat Security Advisory RHSA-2009:1066

The remote host is missing updates announced in advisory RHSA-2009:1066. A server-side code injection flaw was found in the SquirrelMail mapypalias function. If SquirrelMail was configured to retrieve a user's IMAP server address from a Network Information Service NIS server via the mapypalias...

CVSS 6.8 | AI score 0.7 | EPSS 0.03399
Exploits: 1 | References: 5

Oracle linux
added 2009/05/26 12:0 a.m. | 33 views

squirrelmail security update

1.4.8-5.0.1.el53.7 - Remove Redhat splash screen images 1.4.8-5.7 - fix broken patch for CVE-2009-1579 1.4.8-5.6 - fix broken patch for CVE-2009-1579 1.4.8-5.5 - don't ship patch backup files 1.4.8-5.4 - fix: CVE-2009-1581 : CSS positioning vulnerability - fix: CVE-2009-1579 : Server-side code...

CVSS 6.8 | AI score 1 | EPSS 0.03399
Exploits: 1