Server side request forgery (ssrf)

An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...

CVE-2019-11574

An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...

Kravchuk letter script 1.0 (scdir) Remote File Inclusion Vulnerabilities

No description provided by source. ++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++ + K-letter 1.0 Remote File include + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + DownloadScript: http://www.scripts.com.ua/download.php?ID=813 +...

kletter-rfi.txt

++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++ + K-letter 1.0 Remote File include + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + DownloadScript: http://www.scripts.com.ua/download.php?ID=813 +...

Kravchuk letter script 1.0 - scdir Remote File Inclusion

Kravchuk letter script 1.0 - scdir Remote File Inclusion ++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++ + K-letter 1.0 Remote File include + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + DownloadScript: http://www.scripts.com.ua/download.php?ID=813...

Code injection

Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the 1 Sub-name or 2 Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php...