
350 matches found

exploitpack
added 2016/10/20 12:0 a.m. · 41 views

SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal

SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal CVE-2016-7982 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software,...

5 CVSS · 7.7 AI score · 0.20515 EPSS
Exploits 4

OSV
added 2016/08/09 9:59 p.m. · 1 views

CVE-2016-3321

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure...

2.5 CVSS · 5.8 AI score · 0.35331 EPSS
Exploits 2 · References 6

NVD
added 2016/08/09 9:59 p.m. · 19 views

CVE-2016-3321

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure...

2.5 CVSS · 3.1 AI score · 0.35331 EPSS
Exploits 2 · References 6

Tenable Nessus
added 2016/07/19 12:0 a.m. · 63 views

Recycle Bin Files

Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(92429); script_version("1.6"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_name(english:"Recycle Bin Files"); script_summary(english:"Repo...

5.4 AI score
Exploits 0 · References 2

Tenable Nessus
added 2016/07/19 12:0 a.m. · 25 views

Foxit History

Nessus was able to query the system to generate a list of files opened by Foxit programs. (C) Tenable Network Security, Inc. include("compat.inc"); if (!defined_func("nasl_level") || nasl_level() < 5200) exit(0, "Not Nessus 5.2+"); if (description) { script_id(92420); script_version("1.5"); script_cvs_date("Date: 2018/05/16...

5.4 AI score
Exploits 0 · References 1

Hacker One
added 2016/07/05 5:37 a.m. · 85 views

ExpressionEngine: Filename and directory enumeration

Hello, The "Import File Converter" can be abused by an admin to map the server directories and files, because the "File location" field doesn't sanitize the user input and allows access to root directories and files. Steps to reproduce: 1- Go to...

1.4 AI score
Exploits 0

CNVD
added 2016/05/27 12:0 a.m. · 6 views

Pulse Connect Secure Request Forgery Vulnerability

Pulse Connect Secure (aka PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in the administrator user interface of PCS. A remote attacker could exploit this vulnerability to enumerate files, read...

8.6 CVSS · 6.9 AI score · 0.02242 EPSS
Exploits 0 · References 1

NVD
added 2016/05/26 2:59 p.m. · 13 views

CVE-2016-4791

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors...

8.6 CVSS · 8.5 AI score · 0.02242 EPSS
Exploits 0 · References 2

Cvelist
added 2016/05/26 2:0 p.m. · 21 views

CVE-2016-4791

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors...

8.5 AI score · 0.02242 EPSS
Exploits 0 · References 2

Positive Technologies
added 2016/05/26 12:0 a.m. · 4 views

PT-2016-6145 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 7.4 through 7.4r13.3 Pulse Connect Secure PCS versions 8.0 through 8.0r8 Pulse Connect Secure PCS versions 8.1 through 8.1r1 Pulse Connect Secure PCS versions 8.2 through 8.2r0 Description: The administrative...

8.6 CVSS · 8.6 AI score · 0.02242 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2016/03/25 12:0 a.m. · 76 views

Ipswitch MOVEit DMZ < 8.2 Multiple Vulnerabilities

The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 8.2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Send as Attachment feature due to improper sanitization of user-supplied input to the 'serverFileIds' parameter of mobile/sendMsg and th...

6.5 CVSS · 5.8 AI score · 0.03111 EPSS
Exploits 5 · References 5

Hacker One
added 2016/02/25 6:15 a.m. · 102 views

Shopify: File name and folder enumeration.

Hello, An attacker can enumerate your sensitive files and folder such as configuration files name via the timezone parameter in cube.csv: GET...

6.9 AI score
Exploits 0

Patchstack
added 2015/05/15 12:0 a.m. · 14 views

WordPress WP Marketplace Plugin <= 1.2.1 - Multiple Vulnerabilities

This plugin is prone to file enumeration weakness and file upload vulnerabilities. Because of them, attackers can disclose sensitive information, upload and execute arbitrary script code in the context of the webserver. Solution Update the plugin...

3.5 AI score
Exploits 0 · References 1 · Affected Software 1

exploitpack
added 2015/04/19 12:0 a.m. · 31 views

AZBB 1.0.07d - Multiple Vulnerabilities

AZBB 1.0.07d - Multiple Vulnerabilities AZBB Multiple Vulnerabilities Vendor: AZBB Product: AZBB Version: = 1.0.07d Website: http://azbb.cyaccess.com/ BID: 13272 13278 CVE: CVE-2005-1200 CVE-2005-1201 OSVDB: 15700 15701 15702 15703 SECUNIA: 15013 PACKETSTORM: 37792 Description: azbb is a forum th...

7.5 CVSS · 0.3 AI score · 0.03362 EPSS
Exploits 2

Exploit DB
added 2015/04/19 12:0 a.m. · 47 views

AZBB < 1.0.07d - Multiple Vulnerabilities

AZBB Multiple Vulnerabilities Vendor: AZBB Product: AZBB Version: = 1.0.07d Website: http://azbb.cyaccess.com/ BID: 13272 13278 CVE: CVE-2005-1200 CVE-2005-1201 OSVDB: 15700 15701 15702 15703 SECUNIA: 15013 PACKETSTORM: 37792 Description: azbb is a forum that was written with a primary focus on...

7.5 CVSS · 6.6 AI score · 0.03362 EPSS
Exploits 2

Kitploit
added 2014/11/20 3:15 p.m. · 14 views

Sparty - MS Sharepoint and Frontpage Auditing Tool

Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the...

7.2 AI score
Exploits 0 · References 1

WPVulnDB
added 2014/08/01 10:58 a.m. · 9 views

WP Marketplace 1.2.1 - File Enumeration Weakness & File Upload Vulnerabilities

The wpmarketplace WordPress plugin was affected by a File Enumeration Weakness & File Upload Vulnerabilities security vulnerability...

1.9 AI score
Exploits 0 · References 1 · Affected Software 1

seebug.org
added 2014/07/01 12:0 a.m. · 17 views

Walla TeleSite 3.0 ts.exe sug Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path disclosure, file...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 24 views

Walla TeleSite 3.0 ts.exe sug Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path disclosure, file...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 13 views

Walla TeleSite 3.0 ts.cgi File Existence Enumeration

No description provided by source. source: http://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path disclosure, file...

7.1 AI score
Exploits 0