825 matches found
InfraPower PPS-02-S Q213V1 - Local File Disclosure
InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability. Vendor: Austin Hughes Electronics Ltd.; Product web page: http://www.austin-hughes.com; Affected version: Q213V1, Firmware: V2395S; Fixed version: Q216V3, Firmware: IPD-02-FW-v03; Summary:...
web2py local file inclusion vulnerability
web2py is an open source web framework written in Python that supports the rapid development of database-driven web applications. A local file inclusion vulnerability exists in the 'file' parameter in web2py version 2.14.5. An attacker can exploit this vulnerability by sending a...
Joomla com_cckjseblod Module 'file' Parameter Arbitrary File Read Vulnerability
No description provided by source...
Dell OpenManage Server Administrator 8.2 - (Authenticated) Directory Traversal
Exploit Title: Dell OpenManage Server Administrator 8.2 Authenticated Directory Traversal; Date: February 22, 2016; Exploit Author: hantwister; Vendor Homepage: http://www.dell.com/; Software Link:...
CVE-2015-5076
Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg,...
WordPress IBS Mappro Plugin Absolute Path Traversal Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL. IBS Mappro is a travel map editor and viewer plugin. An absolute path traversal vulnerability exists in the...
(0Day) Borland AccuRev Reprise License Management Server Path Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland AccuRev. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rlmswitchprocess functionality of the Reprise License Manager service. The issue...
phpVibe 4.0 Arbitrary File Disclosure
In The Name Of ALLAH Exploit Title: phpVibe ALL versions version 4.0 and older versions Arbitrary File Disclosure Google Dork: "powered by phpvibe" Date: 2015/07/13 july 13th Exploit Author: ali ahmady -- Iranian Security Researcher snip3rirathotmail.com Vendor Homepage: http://www.phpvibe.com/...
phpVibe - Arbitrary File Disclosure
phpVibe - Arbitrary File Disclosure In The Name Of ALLAH Exploit Title: phpVibe ALL versions LFD vulnerability Google Dork: "powered by phpvibe" Date: 2015/07/13 july 13th Exploit Author: ali ahmady -- Iranian Security Researcher snip3rirathotmail.com Vendor Homepage: http://www.phpvibe.com/...
UBUNTU-CVE-2015-1493
Directory traversal vulnerability in the mingetslashargument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated ...
Webgrind 'file' Parameter Cross-Site Scripting Vulnerability
Webgrind is a PHP execution time analysis tool. A cross-site scripting vulnerability exists in Webgrind's handling of the 'file' parameter, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it, which can be used to obtain a sensitive...
eFront < 3.6.15.4 Build 18023 Multiple Vulnerabilities
According to its version number, the version of eFront running on the remote web server is affected by multiple vulnerabilities: - A path traversal vulnerability exists due to improper sanitization of user-supplied input to the 'file' parameter of the viewfile.php script. A remote attacker can...
Magento Server MAGMI plugin directory traversal vulnerability
Magento is a professional open source PHP e-commerce system from the United States company Magento; it provides features such as rights management, search engine and payment gateway. Magento Server is the Magento server. MAGMI (aka Magento Mass Importer) is one of the product catalogs used to...
CVE-2015-2084
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the imagefile parameter in an edit action in the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) datafile or (2) settingsfile parameter to ammap.swf, or (3) the datafile parameter to amtimeline.swf...
Design/Logic Flaw
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character...
CVE-2012-6665
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from thi...
Directory traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader...
LittleSite 0.1 'file' Parameter Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to...