21413 matches found
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
A directory traversal vulnerability in the Foobla Suggestions comfooblasuggestions component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-2920 info: name: Joomla! Component Foobla...
Joomla! Component JotLoader 2.2.1 - Local File Inclusion
A directory traversal vulnerability in the JotLoader comjotloader component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. id: CVE-2010-4617 info: name: Joomla! Component JotLoader 2.2.1 - Local File...
Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via 1 "//" multiple leading slash, 2 ../ dot dot sequences, and encoded dot dot sequences in a URL...
Joomla! Component jesectionfinder - Local File Inclusion
A directory traversal vulnerability in the JExtensions JE Section/Property Finder jesectionfinder component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. id: CVE-2010-2680 info: name: Joomla!...
phpMyAdmin 5.0.2 - CRLF Injection
phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable. id: CVE-2020-11441 info: name: phpMyAdmin 5.0.2 - CRLF Injecti...
Solara <1.35.1 - Local File Inclusion
A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...
Joomla! Component JRadio - Local File Inclusion
A directory traversal vulnerability in JRadio comjradio component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-4719 info: name: Joomla! Component JRadio - Local File Inclusion...
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 id: CVE-2013-5528 info: name:...
Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing "dot dot" sequences /../, conduct directory traversal attacks, and view arbitrary files. id: CVE-2018-19326 info: name: Zyxel VMG1312-B10D...
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files...
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
A directory traversal vulnerability in the JE Form Creator comjeformcr component for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the...
Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...
Spring Framework - Path Traversal
Spring Framework MVC applications deployed as WAR or with embedded Servlet containers that do not reject suspicious URI sequences and serve static resources with Spring resource handling contain a path traversal vulnerability, letting attackers access unauthorized files, exploit requires...
mTheme Unus < 2.3 - Directory Traversal
The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...
White Star Software ProTop - Directory Traversal
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences. id: CVE-2025-44177 info: name:...
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
A directory traversal vulnerability in the Dione Form Wizard aka FDione or comdioneformwizard component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-2045 info: name: Joomla! Component...
Microweber < 1.2.11 - CRLF Injection
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0666 info: name: Microweber 1.2.11 - CRLF Injection author: ritikchaddha severity: high description: | CRLF Injection leads to Sta...
SolarView Compact < 6.00 - Directory Traversal
SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd. id:...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1 and IBM Cloud Pak System version 2.3.5.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7 Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super typ...