WebPagetest < 2.7.2 file Parameter Traversal Arbitrary File Access
The WebPagetest install hosted on the remote web server fails to sanitize user input to the 'file' parameter of the 'gettext.php' script of directory traversal sequences before using it to return the contents of a file. An unauthenticated, remote attacker can exploit this to view the contents of...
Design/Logic Flaw
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2012-4394
CVE-2012-4394 (ownCloud XSS) : A cross-site scripting vulnerability affects ownCloud before version 4.0.5. The issue is in the JS file apps/files/js/filelist.js, allowing remote attackers to inject arbitrary web script or HTML via the file parameter. Impact is reflected in the user’s browser sess...
CVE-2012-2274
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2012-3399
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2012-1787
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters...
webgrind 1.0 - 'file' Local File Inclusion
webgrind 1.0 file param Local File Inclusion Vulnerability Vendor: Joakim Nygard and Jacob Oettinger Product web page: http://code.google.com/p/webgrind Affected version: 1.0 v1.02 in trunk on github Summary: Webgrind is an Xdebug profiling web frontend in PHP5. Desc: webgrind suffers from a file...
CVE-2012-1025
CVE-2012-1025 is an absolute path traversal vulnerability in Enigma2 Webinterface, affecting versions 1.6.0–1.6.8, 1.6rc3, and 1.7.0. The issue allows a remote attacker to read arbitrary files by supplying a full pathname in the file parameter. Several sources (NVD, Red Hat entry, OpenVAS tests) ...
Code injection
interface/fax/faxdispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2012-0992
interface/fax/faxdispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2012-0980
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter...
Enigma2 'file' Parameter Information Disclosure Vulnerability
Enigma2 is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download local files in the context of the webserver process. This may allow the attacker to obtain sensitive information; other attacks...
Directory traversal
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter...
CVE-2011-4716
CVE-2011-4716 describes a directory traversal vulnerability in DreamBox DM800 (versions up to 1.6rc3, 1.5rc1 and earlier) that allows remote attackers to read arbitrary files via the file parameter. The affected component is the file handling logic within the DreamBox DM800 firmware. The underlyi...
DEBIAN-CVE-2010-4879
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the inputfile parameter...
CVE-2011-1715
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products, allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter...
SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit
Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33 Tested on: Ubuntu Server 10.04 CVE :...
CVE-2010-3447
Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a viewfile action...