9 matches found
CVE-2021-47728 Selea Targa IP Camera Remote Code Execution via Utils
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...
GHSA-9436-3GMP-4F53 grav Server-side Template Injection (SSTI) mitigation bypass
Summary: The fix for SSTI using |map, |filter and |reduce twigs implemented in the commit 71bbed1 introduces bypass of the denylist due to incorrect return value from isDangerousFunction, which allows to execute the payload prepending double backslash \ Details: The isDangerousFunction check in...
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
Exploit Title: Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated) Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com #!/bin/bash Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution Vendor: Selea s.r.l. Product web page:...
CVE-2011-3812
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files...
CVE-2011-3812
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files...
CVE-2007-4163
Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) startid, (3) rowparentid, and (4) rowcatid parameters to unspecified components, related to use of these parameters within include/utils.php...
DBGuestbook 1.1 (dbs_base_path) Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications. DBGuestbook 1.1 (dbs_base_path) Remote File Include Vulnerabilities. DBGuestBook 1.1 Found by Denven ERROR:...
CVE-2006-1289
Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter...
SQL injection
Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter...