
1393 matches found

Nuclei
added yesterday, 55 views

WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval

WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative...

CVSS 5.8 | AI score 6.4 | EPSS 0.79595
Exploits: 4 | References: 5

Nuclei
added yesterday, 19 views

WordPress RobotCPA 5 - Directory Traversal

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. id: CVE-2015-9480 info: name: WordPress RobotCPA 5 - Directory Traversal author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...

CVSS 7.5 | AI score 7.3 | EPSS 0.61858
Exploits: 2 | References: 3

Nuclei
added yesterday, 148 views

Dompdf < v0.6.0 - Local File Inclusion

A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a...

CVSS 6.8 | AI score 7.7 | EPSS 0.5489
Exploits: 6 | References: 5

Nuclei
added yesterday, 19 views

qdPM 9.1 - Cross-site Scripting

qdPM 9.1 suffers from Cross-site Scripting (XSS) in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting (XSS) in the searchkeywords parameter. impact: | Successful...

CVSS 6.1 | AI score 6.3 | EPSS 0.01939
Exploits: 5 | References: 5

Nuclei
added yesterday, 15 views

TermTalk Server 3.24.0.2 - Local File Inclusion

TermTalk Server TTServer 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve. id: CVE-2021-35380 info: name: TermTalk Server 3.24.0.2 - Local File...

CVSS 7.5 | AI score 7.2 | EPSS 0.49462
Exploits: 1 | References: 5

Nuclei
added yesterday, 24 views

Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting

ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks. id: CVE-2021-46387 info: name: Zyxel ZyWALL 2...

CVSS 6.1 | AI score 6.4 | EPSS 0.33407
Exploits: 4 | References: 5

Nuclei
added yesterday, 24 views

WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal

A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dewfile parameter. id: CVE-2013-7240 info: name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal author...

CVSS 5 | AI score 7.9 | EPSS 0.41455
Exploits: 2 | References: 5

Nuclei
added yesterday, 21 views

Joomla! ProDesk 1.0/1.2 - Local File Inclusion

Joomla! Pro Desk Support Center (com_prodesk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. id: CVE-2008-6222 info: name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion author: daffainfo severity: medium description:...

CVSS 5 | AI score 5.6 | EPSS 0.00784
Exploits: 0 | References: 4

Nuclei
added yesterday, 18 views

Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion

A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1719 info: name: Joomla! Component ...

CVSS 6.8 | AI score 5.8 | EPSS 0.02766
Exploits: 2 | References: 5

Nuclei
added yesterday, 25 views

Joomla! Component VJDEO 1.0 - Local File Inclusion

A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1354 info: name: Joomla! Component VJDEO 1.0 - Local File Inclusion author: daffain...

CVSS 5 | AI score 5.6 | EPSS 0.05093
Exploits: 2 | References: 5

Nuclei
added yesterday, 21 views

Joomla! Component redSHOP 1.0 - Local File Inclusion

A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. id: CVE-2010-1531 info: name: Joomla! Component redSHOP 1.0 - Local File Inclusion author: daffainfo...

CVSS 7.5 | AI score 5.7 | EPSS 0.02624
Exploits: 1 | References: 5

Nuclei
added yesterday, 17 views

Microstrategy Web 7 - Local File Inclusion

Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" in the parameter subpage. Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this i...

CVSS 4.3 | AI score 5.6 | EPSS 0.69525
Exploits: 5 | References: 5

Nuclei
added yesterday, 14 views

Joomla! Component JA Comment - Local File Inclusion

A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. id: CVE-2010-1601 info: name: Joomla! Component JA Comment - Local File Inclusion author: daffainfo severit...

CVSS 5 | AI score 5.6 | EPSS 0.048
Exploits: 1 | References: 5

Nuclei
added yesterday, 19 views

Joomla! Component iF surfALERT 1.2 - Local File Inclusion

A directory traversal vulnerability in the iF surfALERT (com_ifsurfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1717 info: name: Joomla! Component i...

CVSS 7.5 | AI score 5.8 | EPSS 0.04506
Exploits: 1 | References: 5

Nuclei
added yesterday, 21 views

Joomla! Component Online Market 2.x - Local File Inclusion

A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1722 info: name: Joomla! Component Onlin...

CVSS 6.8 | AI score 5.8 | EPSS 0.00983
Exploits: 2 | References: 4

Nuclei
added yesterday, 27 views

Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion

A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1955 info: name: Joomla! Component Deluxe Blog Factory 1.1.2 - Local Fi...

CVSS 7.5 | AI score 5.6 | EPSS 0.0212
Exploits: 2 | References: 4

Nuclei
added yesterday, 37 views

Apache Struts - Multiple Open Redirection Vulnerabilities

Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. id: CVE-2013-2248 info: name: Apache Struts - Multiple Open Redirection Vulnerabilities author: 0xAkoko severity: medium description: Apache Struts is prone ...

CVSS 5.8 | AI score 7.8 | EPSS 0.91954
Exploits: 4 | References: 5

Nuclei
added yesterday, 16 views

Joomla! Component RWCards 3.0.11 - Local File Inclusion

A directory traversal vulnerability in captcha/captchaimage.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. id: CVE-2008-6172 inf...

CVSS 6.8 | AI score 5.8 | EPSS 0.0255
Exploits: 1 | References: 4

Nuclei
added yesterday, 35 views

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter. id: CVE-2017-15363 info: name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local...

CVSS 7.5 | AI score 7.3 | EPSS 0.71076
Exploits: 1 | References: 5

Nuclei
added yesterday, 28 views

WordPress Sniplets 1.1.2 - Local File Inclusion

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. id: CVE-2008-1059 info: name: WordPress Sniplets 1.1.2 - Local File Inclusion autho...

CVSS 7.5 | AI score 6 | EPSS 0.00195
Exploits: 2 | References: 5