790 matches found
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
Exploit Title: Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Date: 2018-07-20 Software Link: https://github.com/nystudio107/craft-seomatic Exploit Author: Sebastian Kriesten 0xB455 Contact: https://twitter.com/0xB455 CVE: CVE-2018-14716 Category: webapps 1. Description An...
Trusted-Directory Bypass via Path Traversal
Smarty Trusted-Directory Bypass via Path Traversal\nVulnerability Overview\nSmarty 3.1.32 or below is prone to a path traversal vulnerability due\nto insufficient sanitization of code in Smarty templates. This allows\nattackers controlling the Smarty template to bypass the trusted\ndirectory...
Trusted-Directory Bypass via Path Traversal
Smarty Trusted-Directory Bypass via Path Traversal Vulnerability Overview Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security...
Twig < 2.4.4 - Server Side Template Injection Vulnerability
Exploit for php platform in category web applications Vulnerability details: Exploit Title: Twig Output: 16 2. POC: http://localhost/search?searchkey=44 OUTPUT: 4 http://localhost/search?searchkey=ls OUTPUT: list of files/directories etc…. 0day.today 2018-03-01...
Twig Server Side Template Injection
Vulnerability details: Exploit Title: Twig Output: 16 2. POC: http://localhost/search?searchkey=44 OUTPUT: 4 http://localhost/search?searchkey=ls OUTPUT: list of files/directories etca|...
Twig < 2.4.4 - Server Side Template Injection
Vulnerability details: Exploit Title: Twig Output: 16 2. POC: http://localhost/search?searchkey=44 OUTPUT: 4 http://localhost/search?searchkey=ls OUTPUT: list of files/directories etc…...
HTML Template Engine 1.0 Database Disclosure
| Title : html template engine 1.0 Database Disclosure Exploit | Author : indoushka | email : [email protected] | Tested on: windows 8.1 FranASSais V.Pro | Vendor : SourceForge: Kanator / http://adyou.me/4TVD ========================================================= !/usr/bin/perl -w Autho...
Debian DSA-4094-1 : smarty3 - security update
It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. C Tenable Network Security, Inc. The descriptive text and package checks in...
[SECURITY] [DSA 4094-1] smarty3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4094-1 [email protected] https://www.debian.org/security/ January 22, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
Debian DLA-1249-2 : smarty3 regression update
It was previously discovered that there was a code-injection vulnerability in smarty3, a PHP template engine. A via specially crafted filename in comments could result in arbitrary code execution. However, the fix in 3.1.10-2+deb7u2 was incorrect. For Debian 7 'Wheezy', this regression has been...
Smarty PHP Code Injection Vulnerability
New Digital Group Smarty is a template engine written in PHP by New Digital Group. A PHP code injection vulnerability exists in New Digital Group Smarty that stems from the program failing to filter template names. No details of the vulnerability are available at this time...
Cross-Site Scripting
EasyWidgets is vulnerable to cross-site scripting XSS. The Jinja2 template engine does not escape the TextArea contents, allowing attackers in inject and execute arbitrary code...
Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611)
A remote code execution vulnerability exists in the Apache Struts2 using Freemarker template engine. An attacker could exploit this vulnerability by sending crafted requests to the target host. Successful exploitation could result in execution of arbitrary code on the affected system...
Remote code execution
By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz...
74cms at the front Desk The type parameter template engine injection vulnerability
This is a service end template injection vulnerabilities. Application/Home/Controller/MController.class.php apply'Mobile' redirectbuildmobileurl; $type = I'get. type','android','trim'; $androiddownloadurl = C'qscmsandroiddownload'? C'qscmsandroiddownload':"; $iosdownloadurl = C'qscmsiosdownload'?...
Arbitrary Command Execution Vulnerability in Knight CMS
Knight CMS Talent System is a professional talent system based on PHP+MYSQL. Knight CMS version 4.1.0 suffers from an arbitrary command execution vulnerability. Due to the Knight CMS V4.1.0 using the tp framework there is a template engine remote code execution vulnerability. Attackers can exploi...
Debian DLA-452-1 : smarty3 security update
Smarty3, a template engine for PHP, allowed remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by 'literal' in a template. For Debian 7 'Wheezy', these problems have been fixed in version 3.1.10-2+deb7u1. We recommend that you upgrade your smart...
[SECURITY] [DLA 452-1] smarty3 security update
Package : smarty3 Version : 3.1.10-2+deb7u1 CVE ID : CVE-2014-8350 Debian Bug : 765920 Smarty3, a template engine for PHP, allowed remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal/literalscript language=php" in a template. For Debi...
DLA-452-1 smarty3 - security update
Bulletin has no description...
[SECURITY] Fedora 21 Update: php-twig-1.20.0-1.fc21
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...