44 matches found
CVE-2023-39319
The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...
AZL-28694 CVE-2023-39318 affecting package golang for versions less than 1.20.10-1
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...
CVE-2023-39318
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...
CVE-2023-39319
The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...
SUSE CVE-2023-39318
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...
SUSE CVE-2023-39319
The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...
LoudBlog <= 0.6.1 (parsedpage) Remote Code Execution Vulnerability
No description provided by source. ---- Loudblog Remote Code Execution ... ITDefence.ru Antichat.ru Loudblog = 0.6.1 Remote Code Execution Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / // /...
Moa Gallery <= 1.2.0 (p_filename) Remote File Disclosure Vulnerability
No description provided by source. Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH.templates/.$templatename./.$pfilename; $fp = @fopen$filename, r; if !$fp && isbool$fp $fp = $fp = @fopen$MOAPATH.templates/MoaDefault/.$pfilename, r;...
ZPanel templateparser.class.php - Crafted Template Remote Command Execution
No description provided by source. Hi all, There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor templater system that...
ZPanel - 'templateparser.class.php' Crafted Template Remote Command Execution
Hi all, There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor "templater" system that basically consists of a few...
CVE-2012-5777
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...
Sql injection
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...
CVE-2012-5777
CVE-2012-5777 affects EmpireCMS 6.6, specifically the template parser’s ReplaceListVars function in e/class/connect.php. The issue is an eval injection that allows a user-assisted remote attacker to execute arbitrary PHP code via a crafted template, leading to potential full web-server compromise...
CVE-2012-5777
Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...
EmpireCMS 6.6 PHP Code Execution Vulnerability
EmpireCMS version 6.6 template parser suffers from a remote PHP code execution vulnerability. Exploit Title: EmpireCMS Template Parser Remote PHP Code Execution Vulnerability Date: 2012-11-1 Author: flyh4t Software Link: http://www.phome.net Version: EmpireCMS 6.6 CVE : EmpireCMS Template Parser...
EmpireCMS 6.6 PHP Code Execution
Exploit Title: EmpireCMS Template Parser Remote PHP Code Execution Vulnerability Date: 2012-11-1 Author: flyh4t Software Link: http://www.phome.net Version: EmpireCMS 6.6 CVE : EmpireCMS Template Parser Remote PHP Code Execution Vulnerability --------------------------------- By fly...
Moa Gallery 1.2.0 - p_filename Remote File Disclosure
Moa Gallery 1.2.0 - pfilename Remote File Disclosure Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH."templates/".$templatename."/".$pfilename; $fp = @fopen$filename, "r"; if !$fp && isbool$fp $fp = $fp =...
Moa Gallery <= 1.2.0 (p_filename) Remote File Disclosure Vulnerability
No description provided by source. Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH."templates/".$templatename."/".$pfilename; $fp = @fopen$filename, "r"; if !$fp && isbool$fp $fp = $fp =...
Moa Gallery 1.2.0 File Disclosure
Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH."templates/".$templatename."/".$pfilename; $fp = @fopen$filename, "r"; if !$fp && isbool$fp $fp = $fp = @fopen$MOAPATH."templates/MoaDefault/".$pfilename, "r"; POC...
Moa Gallery 1.2.0 - 'p_filename' Remote File Disclosure
Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH."templates/".$templatename."/".$pfilename; $fp = @fopen$filename, "r"; if !$fp && isbool$fp $fp = $fp = @fopen$MOAPATH."templates/MoaDefault/".$pfilename, "r"; POC...