209 matches found
Directory traversal
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
Fedora 38 : moodle (2023-6880309d0e)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6880309d0e advisory. Latest updates Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
CVE-2023-28440
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...
Design/Logic Flaw
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...
CVE-2023-28440 Denial of service via admin theme import route in Discourse
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...
CVE-2023-28440 Denial of service via admin theme import route in Discourse
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...
CVE-2023-28440 Denial of service via admin theme import route in Discourse
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...
PT-2023-21723 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.3 Discourse versions prior to 3.1.0.beta4 Description: Discourse is an open source platform for community discussion. A maliciously crafted request from a Discourse administrator can lead to a long-running...
SUSE CVE-2008-1924
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...
SUSE CVE-2013-3735
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service memory consumption and application crash via a crafted function definition, as demonstrated by an atta...
CVE-2021-27231
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...
Design/Logic Flaw
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...
CVE-2021-27231
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...
CVE-2021-27231
CVE-2021-27231 affects Hestia Control Panel 1.3.5 and below in a shared-hosting environment. The vulnerability allows remote authenticated users to create a subdomain for a different customer’s domain name, leading to spoofing of services or email messages. The provided documents describe the iss...
CVE-2020-15239
In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...
Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...
phpMussel - PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution
phpMussel is an ideal solution for shared hosting environments, where it's often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses,malware and other threats within files uploaded to your system wherever t...
Automattic: Arbitrary File Download as Shopmanager
Due to a flaw in the way WooCommerce handles downloadable products, a shop manager can download arbitrary files on the server. The video shows the exploit and how simple it is: https://www.youtube.com/watch?v=bkrHpqht5SM The function responsible for validating the download file input is the...
CVE-2015-9253
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...