WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting

WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

vBulletin <= 4.2.3 - SQL Injection

vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database. id: CVE-2016-6195 info: name:...

BOA Web Server 0.94.14 - Arbitrary File Access

BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. id: CVE-2017-9833 info: name: BOA Web Server 0.94.14 - Arbitrary File Acces...

OpenDreambox 2.0.0 - Remote Code Execution

OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...

CrushFTP VFS - Sandbox Escape LFR

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. id: CVE-2024-4040 info: name: CrushFTP VFS - Sandbox Escape LFR author: DhiyaneshDK,pussycat0x severity:...

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13 id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: |...

Joomla! RSfiles <=1.0.2 - Local File Inclusion

Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component comrsfiles. This could allow remote attackers to arbitrarily read files via a .. dot dot in the path parameter in a files.display action. id: CVE-2007-4504 info: name: Joomla! RSfiles...

Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion

Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...

PaperCut - Unauthenticated Remote Code Execution

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

Joomla! Cmimarketplace 0.1 - Local File Inclusion

Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because comcmimarketplace allows remote attackers to list arbitrary directories via a .. dot dot in the viewit parameter to index.php. id: CVE-2009-1496 info: name: Joomla! Cmimarketplace 0.1 - Local File Inclusion author: daffainf...

Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion

Joomla! Omilen Photo Gallery comomphotogallery component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. id: CVE-2009-4202 info: name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion...

Joomla! Portfolio Nexus - Remote File Inclusion

Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF comifnexus component that allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2009-4679 info: name: Joomla! Portfol...

Autonomy Ultraseek - Open Redirect

Open redirect vulnerability in cs.html in the Autonomy formerly Verity Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. id: CVE-2009-0347 info: name: Autonomy Ultraseek - Open Redirect author: ctflearner...

KR-Web <=1.1b2 - Remote File Inclusion

KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter. id: CVE-2009-4223 info: name: KR-Web =1.1b2 - Remote File Inclusion author: geeknik severity: high...

Horde/Horde Groupware - Local File Inclusion

Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the HordeImage driver name. id: CVE-2009-0932 inf...

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

Hongjing e-HR 2020 - SQL Injection

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

PHPJabbers Food Delivery Script - SQL Injection

PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...

rConfig 3.9.4 - Server-Side Request Forgery

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. id: CVE-2023-39110 info: name: rConfig 3.9.4 - Server-Side...