
3163 matches found

Prion
added 2019/04/22 4:29 p.m. | 15 views

Design/Logic Flaw

Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which...

CVSS 4.3 | AI score 7 | EPSS 0.00186
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/04/22 3:35 p.m. | 20 views

CVE-2015-1327 Content-hub DBUS API doesn't prevent confined apps from passing paths to files without access

Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which...

CVSS 3.9 | AI score 7.5 | EPSS 0.00186
Exploits: 0 | References: 1

Veracode
added 2019/04/09 3:36 p.m. | 17 views

Directory Traversal

harp is vulnerable to directory traversal. The attack exists due to the ignorance of the harp server rules for the file path starting with underscore, allowing an unauthorized listing of the files in another folder of web root...

CVSS 5.3 | AI score 5.3 | EPSS 0.00223
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2019/04/01 3:29 p.m. | 1 views

CVE-2018-13290

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

CVSS 4.3 | AI score 5.6 | EPSS 0.003
Exploits: 0 | References: 2

Prion
added 2019/04/01 3:29 p.m. | 19 views

Information disclosure

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

CVSS 4 | AI score 4.2 | EPSS 0.003
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2019/04/01 3:29 p.m. | 2 views

CVE-2018-13290

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

CVSS 4.3 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 1

Exploit DB
added 2019/03/28 12:0 a.m. | 61 views

WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion

Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian GNU/Linux 9 Docker...

AI score 7.4
Exploits: 0

Prion
added 2019/03/27 7:30 p.m. | 17 views

Design/Logic Flaw

An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can ...

CVSS 7.5 | AI score 8.8 | EPSS 0.01587
Exploits: 3 | References: 4 | Affected Software: 1

Cvelist
added 2019/03/27 6:7 p.m. | 14 views

CVE-2019-1010257

An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can ...

AI score 9 | EPSS 0.01587
Exploits: 3 | References: 4

Cvelist
added 2019/03/18 2:15 p.m. | 12 views

CVE-2018-11789

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example would be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd...

AI score 7.6 | EPSS 0.0165
Exploits: 0 | References: 2

Veracode
added 2019/03/08 5:41 a.m. | 17 views

Zip Slip Vulnerability

Apache Karaf is vulnerable to zip slip. The vulnerability exists because it does not validate the presence of .. in the file path before performing the extraction of files from the "repository/" and "resources/" entries in the zip file and directly writing the content to its repository and...

CVSS 6.5 | AI score 6.3 | EPSS 0.03628
Exploits: 0 | References: 6 | Affected Software: 1

Packet Storm
added 2019/02/05 12:0 a.m. | 85 views

WordPress Ultimate-Member 2.0.38 Cross Site Request Forgery / Shell Upload

Exploit Title : WordPress Ultimate-Member Plugins 2.0.38 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 05/02/2019 Vendor Homepage : ultimatemember.com Software Download Link : downloads.wordpress.org/plugin/ultimate-member.2.0.38.zip Software...

AI score 0.1
Exploits: 0

Veracode
added 2019/02/04 2:25 a.m. | 20 views

Directory Traversal

mcstatic is vulnerable to directory traversal. The vulnerability is possible because it does not handle the file name parameter properly, allowing the attacker to read arbitrary files on the target server by appending ../ in the file path...

CVSS 7.5 | AI score 7.3 | EPSS 0.0053
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/01/31 12:0 a.m. | 1 views

Stored Cross-Site Scripting Vulnerability in the Daimi CMS da***.me***.php File

DAMI CMS is a PC building station and cell phone building station integrated all-in-one system. A stored cross-site scripting vulnerability exists in the Daimi CMS da.me.php file. An attacker can insert malicious js code into the page to obtain user cookies and other information, leading to user...

AI score 6.3
Exploits: 0

Packet Storm
added 2019/01/25 12:0 a.m. | 46 views

WordPress pitajte-strucnjaka 4.9.6 Shell Upload

Exploit Title : WordPress pitajte-strucnjaka Plugins 4.9.6 Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/01/2019 Vendor Homepage : wordpress.org Software Information Link : bol.rs/pitajte-strucnjaka Software Version : 4.9.6 Tested On : Windows...

AI score 7.4
Exploits: 0

Packet Storm
added 2019/01/16 12:0 a.m. | 80 views

WordPress Category Page Icons 3.6.1 CSRF / Shell Upload

Exploit Title : WordPress category-page-icons Plugins 3.6.1 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 17/01/2019 Vendor Homepage : wordpress.org wp-premiumplugins.com/category-page-icons/ wordpress.org/plugins/category-page-icons/ Softwar...

AI score 0.7
Exploits: 0

Veracode
added 2019/01/15 9:17 a.m. | 34 views

Information Disclosure

libreoffice is vulnerable to information disclosure attacks. The vulnerability exists by exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the...

CVSS 5.5 | AI score 5.2 | EPSS 0.00433
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2019/01/13 3:29 p.m. | 2 views

CVE-2018-20703

CubeCart 6.2.2 has Reflected XSS via a /ADMIN-FILE/ query string...

CVSS 5.4 | AI score 5.8 | EPSS 0.00206
Exploits: 1 | References: 1

OSV
added 2018/12/28 12:0 a.m. | 0 views

UBUNTU-CVE-2018-20549

There is an illegal WRITE memory access at caca/file.c function cacafileread in libcaca 0.99.beta19...

CVSS 8.8 | AI score 6.5 | EPSS 0.00923
Exploits: 1 | References: 6

Packet Storm
added 2018/12/24 12:0 a.m. | 49 views

WordPress cvp-irontec 4.8.3 Shell Upload

Exploit Title : WordPress cvp-irontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

AI score 7.4
Exploits: 0