68229 matches found
LG-Ericsson iPECS NMS 30M - Local File Inclusion
Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...
Rubedo CMS <=3.4.0 - Directory Traversal
Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. id: CVE-2018-16836 info: name:...
Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion
Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI. id: CVE-2018-16133 info: name: Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion author: 0xAkoko severity: medium description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI...
Planon <Live Build 41 - Cross-Site Scripting
Planon before Live Build 41 is vulnerable to cross-site scripting. id: CVE-2018-18570 info: name: Planon Live Build 41 - Cross-Site Scripting author: emadshanab severity: medium description: Planon before Live Build 41 is vulnerable to cross-site scripting. impact: | Successful exploitation of th...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. id: CVE-2018-19751 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains...
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file. id: CVE-2018-19877 info: name: Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting author: arafatansari severity: medium description: | Adiscon LogAnalyzer before 4.1.7...
Gogs (Go Git Service) 0.11.66 - Remote Code Execution
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. id: CVE-2018-18925 info: name: Go...
Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing "dot dot" sequences /../, conduct directory traversal attacks, and view arbitrary files. id: CVE-2018-19326 info: name: Zyxel VMG1312-B10D...
DedeCMS 5.7 SP2 - Cross-Site Scripting
DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATHINFO to /member/index.php, /member/pm.php,...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php. id: CVE-2018-19136 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting v...
ACME mini_httpd <1.30 - Local File Inclusion
ACME minihttpd before 1.30 is vulnerable to local file inclusion. id: CVE-2018-18778 info: name: ACME minihttpd 1.30 - Local File Inclusion author: DhiyaneshDK,dogasantos severity: medium description: ACME minihttpd before 1.30 is vulnerable to local file inclusion. impact: | Successful...
Monstra CMS <=3.0.4 - Cross-Site Scripting
Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...
D-Link Routers - Local File Inclusion
D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /...
Ncomputing vSPace Pro 10 and 11 - Directory Traversal
Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability. id: CVE-2018-10201 info: name: Ncomputing vSPace Pro 10 and 11 - Directory Traversal author: 0xakoko severity: high description: Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal...
SugarCRM 3.5.1 - Cross-Site Scripting
SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string aka a $key variable. id: CVE-2018-5715 info: name: SugarCRM 3.5.1 - Cross-Site Scripting author: edoardottt severity: medium description: SugarCRM 3.5.1 is vulnerable to cross-site...
Anchor CMS 0.12.3 - Error Log Exposure
Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred. id: CVE-2018-7251 info: name: Anchor CMS 0.12.3 ...
WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter. id: CVE-2018-5316 info: name: WordPress SagePay Server Gateway for WooCommerce 1.0.9 - Cross-Site Scripting author: daffainfo severity: medium...
Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter. id: CVE-2018-20824 info: name: Atlassian Jira WallboardServlet 7.13.1 - Cross-Site Scripting author:...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version...
Tarantella Enterprise <3.11 - Local File Inclusion
Tarantella Enterprise versions prior to 3.11 are susceptible to local file inclusion. id: CVE-2018-19753 info: name: Tarantella Enterprise 3.11 - Local File Inclusion author: 0xAkoko severity: high description: | Tarantella Enterprise versions prior to 3.11 are susceptible to local file inclusion...