132 matches found

Positive Technologies
added 2024/04/15 12:0 a.m. · 3 views

PT-2024-27806 · Unknown · Wbsairback

Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04. Description: The issue involves improper neutralisation of Server-Side Includes (SSI) through the License endpoint /admin/CDPUsers, which could allow a remote user to execute arbitrary code. Recommendations: For...

6.6 CVSS · 7.5 AI score · 0.00925 EPSS
Exploits 0 · References 2

RedHat Linux
added 2023/08/28 1:5 p.m. · 2 views

libxml2: Incorrect server side include parsing can lead to XSS

A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...

6.1 CVSS · 7.1 AI score · 0.00174 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2023/08/11 12:0 a.m. · 2 views

The vulnerability of the Cockpit server management system arises from improper handling of file names for PHP `include` or `require` functions, allowing an attacker to execute arbitrary code.

The vulnerability of the Cockpit server management system is related to incorrect handling of file names for PHP functions like include or require. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9.9 CVSS · 8.1 AI score · 0.01113 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2023/04/04 9:15 a.m. · 6 views

CVE-2023-1728

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03...

9.8 CVSS · 9.7 AI score · 0.01409 EPSS
Exploits 0 · References 2

OSV
added 2023/04/04 9:15 a.m. · 3 views

CVE-2023-1728

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 1

Prion
added 2023/04/04 9:15 a.m. · 13 views

Design/Logic Flaw

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03...

7.5 CVSS · 9.4 AI score · 0.01409 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/04/04 8:40 a.m. · 5 views

CVE-2023-1728 Unrestricted Upload of File with Dangerous Type in Fernus LMS

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03...

9.8 CVSS · 7.3 AI score · 0.01409 EPSS
Exploits 0 · References 2

Cvelist
added 2023/04/04 8:40 a.m. · 13 views

CVE-2023-1728 Unrestricted Upload of File with Dangerous Type in Fernus LMS

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03...

9.8 CVSS · 9.7 AI score · 0.01409 EPSS
Exploits 0 · References 2

CNNVD
added 2023/04/04 12:0 a.m. · 2 views

Fernus Informatics LMS Code Issue Vulnerability

Fernus Informatics LMS is a Learning Management System from Fernus, Turkey. A code issue vulnerability exists in Fernus Informatics LMS versions prior to 23.04.03, which stems from the presence of an Unlimited Upload of Dangerous Types of Files vulnerability. An attacker exploiting this...

9.8 CVSS · 8.5 AI score · 0.01409 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 5:36 a.m. · 2 views

SUSE CVE-2013-4315

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag...

5 CVSS · 6.6 AI score · 0.00983 EPSS
Exploits 2 · References 3

SUSE CVE
added 2023/02/15 4:19 a.m. · 5 views

SUSE CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

6.3 CVSS · 7 AI score · 0.14481 EPSS
Exploits 3 · References 11

RedHat Linux
added 2022/11/08 9:50 a.m. · 4 views

libxml2: Incorrect server side include parsing can lead to XSS

A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...

6.1 CVSS · 7.1 AI score · 0.00174 EPSS
Exploits 1 · References 4

OSV
added 2022/11/08 6:26 a.m. · 28 views

RLSA-2022:7715 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

6.1 CVSS · 7 AI score · 0.00174 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2022/01/26 12:0 a.m. · 1 views

The vulnerability in the built-in software of NETGEAR Wi-Fi routers such as D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS50Y, and WNR2020 stems from incorrect code generation. This allows attackers to execute attacks on the server side using Server Side Include Injection (SSI).

The vulnerability of the built-in Wi-Fi router software of NETGEAR models D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS50Y, and WNR2020 is related to...

7.1 CVSS · 7.3 AI score · 0.00115 EPSS
Exploits 0 · References 3 · Affected Software 28

BDU FSTEC
added 2022/01/25 12:0 a.m. · 2 views

The vulnerability of the built-in Wi-Fi router software from NETGEAR, including models D7800, DM200, EX2700, EX6150v2, EX6100v2, EX6200v2, EX6250, EX6410, EX6420, EX6400v2, EX7300, EX6400, EX7320, EX7300v2, R7500v2, R7800, R8900, R9000, RAX120, RBK40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, RBS50Y, and WN3000RPv2, WN3000RPv3, WNR2000v5, XR500, XR700, lies in the insufficient cleaning of special elements in the output data used by the incoming component. This allows attackers to execute a Server Side Include Injection (SSI) attack.

The vulnerability of the built-in Wi-Fi router software from NETGEAR, including models D7800, DM200, EX2700, EX6150v2, EX6100v2, EX6200v2, EX6250, EX6410, EX6420, EX6400v2, EX7300, EX6400, EX7320, EX7300v2, R7500v2, R7800, R8900, R9000, RAX120, RBK40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50,...

7.1 CVSS · 7.8 AI score · 0.00244 EPSS
Exploits 0 · References 3 · Affected Software 33

BDU FSTEC
added 2022/01/25 12:0 a.m. · 2 views

The vulnerability in the built-in software of NETGEAR Wi-Fi routers such as D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, and RBS50Y stems from incorrect code generation. This allows attackers to execute attacks on the server side using Server Side Include Injection (SSI).

The vulnerability of the built-in Wi-Fi router software from NETGEAR, including models D6200, D7000, R6020, R6080, R6050, JR6150, R6120, R6220, R6230, R6260, R6800, R6900v2, R6700v2, R7450, AC2100, AC2400, AC2600, RBK40, RBR40, RBS40, RBK20, RBR20, RBS20, RBK50, RBR50, RBS50, and RBS50Y, is relat...

7.1 CVSS · 7.3 AI score · 0.00067 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/01/25 12:0 a.m. · 1 views

The vulnerability of NETGEAR’s Wi-Fi routers, namely RBK40, RBR40, and RBS40, stems from improper handling of the cryptographic generation process. This allows attackers to execute a Server Side Include Injection (SSI) attack.

The vulnerability of the built-in Wi-Fi router software from NETGEAR, namely RBK40, RBR40, and RBS40, is related to incorrect code generation. Exploiting this vulnerability could allow an attacker to execute a Server Side Include Injection (SSI) attack...

7.1 CVSS · 7.4 AI score · 0.00115 EPSS
Exploits 0 · References 3 · Affected Software 10

BDU FSTEC
added 2022/01/25 12:0 a.m. · 2 views

The vulnerability of NETGEAR’s Wi-Fi routers, namely RBK40, RBR40, and RBS40, stems from improper handling of the cryptographic generation process. This allows attackers to execute a Server Side Include Injection (SSI) attack.

The vulnerability of the built-in Wi-Fi router software from NETGEAR, namely RBK40, RBR40, and RBS40, is related to incorrect code generation. Exploiting this vulnerability could allow an attacker to perform a Server Side Include Injection attack...

7.1 CVSS · 7.3 AI score · 0.00067 EPSS
Exploits 0 · References 3 · Affected Software 10

OSV
added 2021/10/15 4:15 p.m. · 2 views

CVE-2021-29679

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915...

8.8 CVSS · 5.7 AI score
Exploits 0 · References 3

Prion
added 2021/10/15 4:15 p.m. · 15 views

Code injection

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915...

6.5 CVSS · 8.3 AI score · 0.00721 EPSS
Exploits 0 · References 3 · Affected Software 1