CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

CVE-2026-0611 Spacelabs Healthcare Sentinel 10.5.x < 11.6.0 Unauthenticated RCE via .NET Remoting

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

Exploit for CVE-2025-52691

CVE-2025-52691 SmarterMail Unauthenticated Arbitrary File U...

CVE-2018-25071

A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insertlog of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this...

Sql injection

A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insertlog of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this...

CVE-2018-25071 roxlukas LMeve proxy.php insert_log sql injection

A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insertlog of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this...

CVE-2018-25071

CVE-2018-25071 affects roxlukas LMeve up to 0.1.58. The vulnerability is in the function insert_log of wwwroot/ccpwgl/proxy.php, where manipulation of the fetch parameter enables SQL injection. The issue is mitigated by upgrading to version 0.1.59-beta (patch identified as c25ff7fe83a2cda1fcb365b...

Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1818/info Microsoft IIS 3.0 came with a sample program, newdsn.exe, installed by default in the directory wwwroot/scripts/tools/. Execution of this program with a properly submitted URL could allow for remote file creatio...

FileSeek CGI Script File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from The CGI/Perl Cookbook from John Wiley & Sons. The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server...

Working Resources BadBlue 1.5/1.6 Triple-Dot-Slash Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4179/info Working Resources BadBlue is a webserver intended to share various resources and is developed for Microsoft Windows environments. BadBlue is prone to directory traversal attacks. It is possible for a remote...

HP Managed Printing Administration jobAcct Remote Command Execution

This Metasploit module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 and before. The vulnerability exists in the UploadFiles function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory...

HP Managed Printing Administration jobAcct Remote Command Execution

This module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 and prior versions. The vulnerability exists in the UploadFiles function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory travers...

Design/Logic Flaw

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login...

DDLCMS v2. 1 Remote File inclusion vulnerability-vulnerability warning-the black bar safety net

DDLCMS v2. 1 program thanks. php page there is a remote file inclusion vulnerability Vulnerability file:thanks.php Code: includeWWWROOT . 'skins/' . $skin . '/header.php'; // line 46 includeWWWROOT . 'leftside.php'; Poc: the"skin" parameter in FILE thanks.php is not Defined which can allow remote...

Microsoft IIS文件更改通知本地权限提升漏洞（MS08-005）

BUGTRAQ ID: 27101 CVECAN ID: CVE-2008-0074 Microsoft Internet信息服务（IIS）是Microsoft Windows自带的一个网络信息服务器，其中包含HTTP服务功能。 IIS处理FTPRoot、NNTPFile\Root和WWWRoot文件夹中文件变化通知的方式存在本地权限提升漏洞，成功利用这个漏洞的攻击者可以在本地系统安全环境中执行任意指令。 Microsoft IIS 7.0 Microsoft IIS 6.0 Microsoft IIS 5.1 Microsoft IIS 5.0 临时解决方法： 在Windows...