Lucene search
K

44 matches found

NVD
NVD
added 2023/09/08 5:15 p.m.35 views

CVE-2023-39319

The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...

6.1CVSS6.8AI score0.00798EPSS
Exploits0References6
OSV
OSV
added 2023/09/08 5:15 p.m.7 views

AZL-28694 CVE-2023-39318 affecting package golang for versions less than 1.20.10-1

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...

6.1CVSS6.6AI score0.00815EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/09/08 5:15 p.m.36 views

CVE-2023-39318

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...

6.1CVSS6.7AI score0.00815EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2023/09/08 4:13 p.m.17 views

CVE-2023-39319

The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...

6.1CVSS6.9AI score0.00798EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/09/07 2:34 a.m.5 views

SUSE CVE-2023-39318

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS atta...

6.8CVSS6.7AI score0.00815EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/09/07 2:34 a.m.2 views

SUSE CVE-2023-39319

The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...

6.8CVSS6.5AI score0.00798EPSS
Exploits0References13
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

LoudBlog <= 0.6.1 (parsedpage) Remote Code Execution Vulnerability

No description provided by source. ---- Loudblog Remote Code Execution ... ITDefence.ru Antichat.ru Loudblog = 0.6.1 Remote Code Execution Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / // /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Moa Gallery <= 1.2.0 (p_filename) Remote File Disclosure Vulnerability

No description provided by source. Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH.templates/.$templatename./.$pfilename; $fp = @fopen$filename, r; if !$fp && isbool$fp $fp = $fp = @fopen$MOAPATH.templates/MoaDefault/.$pfilename, r;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

ZPanel templateparser.class.php - Crafted Template Remote Command Execution

No description provided by source. Hi all, There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor templater system that...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2013/04/16 12:0 a.m.26 views

ZPanel - &#039;templateparser.class.php&#039; Crafted Template Remote Command Execution

Hi all, There's an arbitrary PHP code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root. The vulnerability: ZPanel uses a poor "templater" system that basically consists of a few...

7.4AI score
Exploits0
NVD
NVD
added 2012/11/16 12:55 a.m.16 views

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

6.8CVSS7.7AI score0.02211EPSS
Exploits3References5
Prion
Prion
added 2012/11/16 12:55 a.m.27 views

Sql injection

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

6.8CVSS8.2AI score0.02211EPSS
Exploits3References5Affected Software1
CVE
CVE
added 2012/11/16 12:0 a.m.56 views

CVE-2012-5777

CVE-2012-5777 affects EmpireCMS 6.6, specifically the template parser’s ReplaceListVars function in e/class/connect.php. The issue is an eval injection that allows a user-assisted remote attacker to execute arbitrary PHP code via a crafted template, leading to potential full web-server compromise...

6.8CVSS7.9AI score0.02211EPSS
Exploits3References5Affected Software1
Cvelist
Cvelist
added 2012/11/16 12:0 a.m.20 views

CVE-2012-5777

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

7.7AI score0.02211EPSS
Exploits3References5
0day.today
0day.today
added 2012/11/06 12:0 a.m.40 views

EmpireCMS 6.6 PHP Code Execution Vulnerability

EmpireCMS version 6.6 template parser suffers from a remote PHP code execution vulnerability. Exploit Title: EmpireCMS Template Parser Remote PHP Code Execution Vulnerability Date: 2012-11-1 Author: flyh4t Software Link: http://www.phome.net Version: EmpireCMS 6.6 CVE : EmpireCMS Template Parser...

7.7AI score0.02211EPSS
Exploits3
Packet Storm
Packet Storm
added 2012/11/06 12:0 a.m.51 views

EmpireCMS 6.6 PHP Code Execution

Exploit Title: EmpireCMS Template Parser Remote PHP Code Execution Vulnerability Date: 2012-11-1 Author: flyh4t Software Link: http://www.phome.net Version: EmpireCMS 6.6 CVE : EmpireCMS Template Parser Remote PHP Code Execution Vulnerability --------------------------------- By fly...

6.8CVSS0.1AI score0.02211EPSS
Exploits3
exploitpack
exploitpack
added 2009/08/26 12:0 a.m.11 views

Moa Gallery 1.2.0 - p_filename Remote File Disclosure

Moa Gallery 1.2.0 - pfilename Remote File Disclosure Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH."templates/".$templatename."/".$pfilename; $fp = @fopen$filename, "r"; if !$fp && isbool$fp $fp = $fp =...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2009/08/26 12:0 a.m.17 views

Moa Gallery &lt;= 1.2.0 (p_filename) Remote File Disclosure Vulnerability

No description provided by source. Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH."templates/".$templatename."/".$pfilename; $fp = @fopen$filename, "r"; if !$fp && isbool$fp $fp = $fp =...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/08/26 12:0 a.m.18 views

Moa Gallery 1.2.0 File Disclosure

Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH."templates/".$templatename."/".$pfilename; $fp = @fopen$filename, "r"; if !$fp && isbool$fp $fp = $fp = @fopen$MOAPATH."templates/MoaDefault/".$pfilename, "r"; POC...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/08/26 12:0 a.m.32 views

Moa Gallery 1.2.0 - &#039;p_filename&#039; Remote File Disclosure

Moa Gallery = 1.2.0 Remote File Disclosure Vulnerability Code In sources\templateparser.php $filename = $MOAPATH."templates/".$templatename."/".$pfilename; $fp = @fopen$filename, "r"; if !$fp && isbool$fp $fp = $fp = @fopen$MOAPATH."templates/MoaDefault/".$pfilename, "r"; POC...

7.4AI score
Exploits0
Rows per page
Query Builder