67 matches found
CVE-2017-1000228
CVE-2017-1000228 affects nodejs ejs: any versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in ejs.renderFile(). Explanation: this is a concrete vulnerability with multiple coordinated disclosures (NVD entry and corroborating reports in GHSA, Debian, CN...
CVE-2017-1000189
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...
nodejs ejs remote code execution vulnerability
nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A remote code execution vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.3, which stems from weak input validation. A remote attacker could...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-05372)
CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS...
FreePBX 13.0.x Code Execution
Vulnerable software : Freepbx Tested versions : 13.0.x $this-commandline = $commandline; $this-cwd = $cwd; Line 275 $commandline = $this-commandline; if '\' === DIRECTORYSEPARATOR && $this-enhanceWindowsCompatibility $commandline = 'cmd /V:ON /E:ON /C "'.$commandline.''; foreach...
FreePBX 13.0.x 13.0.154 - Remote Command Execution
FreePBX 13.0.x 13.0.154 - Remote Command Execution Vulnerable software : Freepbx Tested versions : 13.0.x $this-commandline = $commandline; $this-cwd = $cwd; Line 275 $commandline = $this-commandline; if '\' === DIRECTORYSEPARATOR && $this-enhanceWindowsCompatibility $commandline = 'cmd /V:ON...
TCLhttpd 3.4.2 - Directory Listing Disclosure
TCLhttpd 3.4.2 - Directory Listing Disclosure source: https://www.securityfocus.com/bid/8687/info It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation...