36 matches found
EUVD-2020-3405
Malware in sbrugna...
IntelMQ Manager Monitor Component OS Command Injection Vulnerability
IntelMQ Manager is a graphical interface for managing the configuration of the IntelMQ framework. An operating system command injection vulnerability exists in the 'send' function of the Inspect-tool of the Monitor component in IntelMQ Manager version 1.1.0 and later fixed in version 2.1.1, which...
CVE-2020-11016 Remote code execution in Message sending functionality in IntelMQ Manager
IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...
phpMyNewsLetter 0.6.10 Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. Reportedly, it is possible to pass an attacker-specified file include location to a CGI parameter of the 'customize.php' script. This may allow an attacker ...
TCPDF 4.5.036/4.9.5 'params' Attribute Remote Code Execution Weakness
No description provided by source. source: http://www.securityfocus.com/bid/39315/info TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code. An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the...
ghttpd 1.4.x Log() Function Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5960/info A buffer overflow has been reported in ghttpd which will allow arbitrary code to be executed with the privileges of the webserver. The overflow occurs when the argument to a 'GET' request is of excessive length...
Mantis 0.15.x/0.16/0.17.x JPGraph Remote File Include Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5504/info Mantis depends on include files to provide some functionality, such as dynamic generation of graphs. However, since Mantis does not properly validate the path to the include file, it is possible for attackers to...
PHPOpenChat 2.3.4/3.0.1 PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the...
Web Server Creator Web Portal 0.1 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6251/info The Web Server Creator Web Portal is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for the...
OSCommerce 2.1 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP co...
DCP-Portal 5.0.1 editor.php root Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on a...
DCP-Portal 5.0.1 lib.php root Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on a...
SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion
SEC Consult Vulnerability Lab Security Advisory 20121203-0 ======================================================================= title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7 impact: Critical homepage:...
TCPDF 4.5.036/4.9.5 - params Attribute Remote Code Execution
TCPDF 4.5.036/4.9.5 - params Attribute Remote Code Execution source: https://www.securityfocus.com/bid/39315/info TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code. An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute...
TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution
source: https://www.securityfocus.com/bid/39315/info TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code. An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver. Versio...
Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilities
Exploit for unknown platform in category web applications ====================================================== Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilities ====================================================== Arcadem Remote File Inclusion Flaw / SQL Injection Software: Arcadem 2.01...
FreeQBoard 1.01.1 - QB_Path Multiple Remote File Inclusions
FreeQBoard 1.01.1 - QB_Path Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/21394/info FreeQboard is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to...
Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior Summary : phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. There is a vulnerability in the current stable version of phpMyAdmin...
Kietu 23 - index.php Remote File Inclusion
Kietu 23 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, whi...
DotBr 0.1 - System.php3 Remote Command Execution
DotBr 0.1 - System.php3 Remote Command Execution source: https://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitra...