1284 matches found
CVE-2018-10028
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI...
Design/Logic Flaw
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channelname parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php...
CVE-2018-7662
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...
Path traversal
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...
CVE-2018-7662
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...
CVE-2018-7662
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php...
IBM Sametime Information Disclosure Vulnerability (CNVD-2018-06309)
IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A security vulnerability exists in IBM Sametime. A remote attacker can exploit this...
Path traversal
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qqconnect2.0/API/class/ErrorCase.class.php or 3/ucenterapi/code/friend.php...
Proclaim File Download Vulnerability
Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search, etc. Proclaim is used in one of the support for online learning and watch multimedia content components. A file download vulnerability exists in...
Design/Logic Flaw
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/...
CVE-2018-7317
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/...
Information disclosure
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports...
Information disclosure
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts...
CVE-2018-7209
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports...
CVE-2018-7210
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts...
Path traversal
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/incarchivesfunctions.php...
CVE-2012-3331
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048...
CVE-2018-6846
Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zbsystem/function/lib/upload.php...
Design/Logic Flaw
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...