138 matches found
CVE-2017-11583
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php...
CVE-2017-11584
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php...
Arbitrary Code Execution
twig is vulnerable to arbitrary code execution. Attackers can execute code by leveraging a flaw in the displayBlock function in Template.php through the self variable. This can only be exploited when Sandbox mode is enabled...
FineCMS multi vulnerablity
Reflected XSS in getimage.php Technical Description: file /application/lib/ajax/getimage.php the $POST'id' and $POST'name' and $GET'folder' without any validated, sanitised or output encoded. Proof of ConceptPoC http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...
CVE-2016-5834
Cross-site scripting XSS vulnerability in the wpgetattachmentlink function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833...
CVE-2016-5834
Cross-site scripting XSS vulnerability in the wpgetattachmentlink function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833...
CVE-2016-5834
CVE-2016-5834 corresponds to a cross-site scripting (XSS) vulnerability in WordPress where the wp_get_attachment_link function in wp-includes/post-template.php could be exploited by a crafted attachment name to inject arbitrary script or HTML. Affected product: WordPress prior to version 4.5.3. R...
CVE-2015-7809
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...
CVE-2015-7809
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...
Code injection
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...
CVE-2015-7809
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...
CVE-2015-7809
Removed by vendor...
Updated dokuwiki packages fix security vulnerabilities
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call CVE-2014-8761. The ajaxmediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access...
CVE-2014-8761
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call...
JV2 Folder Gallery <= 3.0 - Remote File Include Vulnerability
No description provided by source. Greatz to:AsB-MaY TeAm & HaCk.eGy & To0oFa ScRiPt:-http://foldergallery.jv2.net/download.php?file=foldergallery3.0.2 Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs TeAm template.php:- ?php include $galleryfilesdir./galleryfooter.php; ? ExPlOiT:...
Campsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...
Php Blue Dragon CMS <= 2.9.1 (template.php) File Include Vulnerability
No description provided by source. ----------------------------------------------------- Advisory id: FSA:015 Author: Federico Fazzi Date: 14/06/2006, 18:20 Sinthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability Type: high Product: http://phpbluedragon.net/ Patch: unavailable...
ispCP Omega <= 1.0.4 - Remote File Include Vulnerability
No description provided by source. + ispCP Omega = 1.0.4 Remote File Include Vulnerability + Discovered By: cr4wl3r + Download: http://isp-control.net/ + Dork: Powered by ispCP Omega + Code in ispcp-omega-1.0.4/gui/tools/filemanager/skins/mobile/admin1.template.php x ?php...
doyo 2.3 /template.php 本地文件包含漏洞
DOYO在template传参时,由于Template.php对传入文件路径的处理不当,逻辑错误,导致可包含任意文件(含相对路径)。 doyo 2.3...
FreeBSD : Dokuwiki -- XSS vulnerability (2fe4b57f-d110-11e1-ac76-10bf48230856)
Secunia Research reports : Secunia Research has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the 'ns' POST parameter in lib/exe/ajax.php when 'call' is set to 'medialist' and 'do' is set to 'media' is n...