3 matches found
CVE-2021-27231
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...
CVE-2024-4347 WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion
The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the...
PHP 5.2.6 - 'chdir()' Function http URL Argument Safe_mode Restriction Bypass
source: https://www.securityfocus.com/bid/29796/info PHP is prone to multiple 'safemode' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to determine the presence of files in unauthorized locations; other attacks are also possible. Exploiting these issues allows...