68 matches found
VulnCheck KEV: CVE-2021-24969
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users...
TryGhost express-hbs 代码注入漏洞
TryGhost express-hbs is an Express handlebar template engine with multiple layouts, blocks and cache sections. tryGhost express-hbs suffers from an information disclosure vulnerability that stems from the product's Express render API mixing pure template data with engine configuration options,...
Information Disclosure
express-handlebars is vulnerable to information disclosure. The vulnerability exists due to a the mixing of untrusted data with the express-handlebars options passed to the template data...
Squirrelly 信息泄露漏洞
npm Npm squirrelly is an application from the American company npm. It provides a modern, configurable and powerful Express template engine implemented in JavaScript. Squirrelly suffers from an information disclosure vulnerability that stems from mixing pure template data with engine configuratio...
CVE-2017-1613
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954...
CVE-2017-1613
CVE-2017-1613 affects IBM Connections 6.0 (Engagement Center). A remote, unauthenticated attacker could access non‑sensitive Engagement Center template data. Root cause and exact exploit details are not provided in the documents; exploitation status is listed as null in the sources. No remediatio...
IBM Connections Engagement Center Information Disclosure Vulnerability
IBM Connections Engagement Center is a set of digital work platforms for employees at IBM in the United States. The platform allows for the addition of email, apps, news, and social tools through an administrative interface. An information disclosure vulnerability exists in IBM Connections...
PHP-RESIDENCE <= 0.7.2 - Multiple LFI Vulnerability
No description provided by source. '/ -.- --------------------oOO------OOo------------------- | PHP-RESIDENCE = 0.7.2 Multiple LFI Vulnerability | | works only with magicquotesgpc = off | ------------------------------------------------------ ! Discovered: cr4wl3r cr4wl3r!linuxmail.org ! Download...