Security
Headlines
HeadlinesLatestCVEs

Tag

#php

PKP-WAL 3.4.0-3 Remote Code Execution

PKP Web Application Library (PKP-WAL) versions 3.4.0-3 and below, as used in Open Journal Systems (OJS), Open Monograph Press (OMP), and Open Preprint Systems (OPS) before versions 3.4.0-4 or 3.3.0-16, suffer from a NativeImportExportPlugin related remote code execution vulnerability.

Packet Storm
Open in Source
#vulnerability#web#js#git#php#rce#perl
osCommerce 4.13-60075 Shell Upload

osCommerce version 4.13-60075 suffers from a remote shell upload vulnerability.

CVE-2023-6553: Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution — Wordfence Intelligence

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.

New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now

Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar. "Security inside a local network is often

CVE-2023-48382: 中華數位科技 Mail SQR Expert - Local File Inclusion-2

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

CVE-2023-48381: 中華數位科技 Mail SQR Expert - Local File Inclusion-1

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

CVE-2023-4694: Certain HP OfficeJet Pro Printers – Potential Denial of Service

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header.

CVE-2023-50011: PopojiCMS 2.0.1 Remote Command Execution ≈ Packet Storm

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.

CVE-2023-50073: EmpireCMS v7.5 SetEnews.php has sql injection vulnerability · Issue #7 · leadscloud/EmpireCMS

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.

CVE-2023-50563: Cms_Vuls_test/Semcms/Semcms_Sql_Inject.md at main · SecBridge/Cms_Vuls_test

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.