CVE-2016-6852

Open-Xchange OX App Suite is affected by CVE-2016-6852. The vulnerability exists in versions prior to 7.8.2-rev8 and arises from allowing users to supply local file paths to the RSS reader. The response and error handling can reveal whether a given path exists, enabling attackers to enumerate spe...

ALPINE-CVE-2016-6627

An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

UBUNTU-CVE-2016-9152

Cross-site scripting XSS vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter...

Predictable tmp File Path Vulnerability in Phusion Passenger

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...

Restore Fails for Database with Consecutive Backslash Characters in File Path

Challenge Veeam Explorer for Microsoft SQL Server reports the error: Inconsistent database metadata. See the log for details. Cause One or more database file paths contained multiple consecutive backslash characters when the SQL server was backed up. Solution Clarifying Issue This issue cannot be...

KLA10876 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities 1. An improper value...

Apache OpenOffice -- multiple vulnerabilities

The Apache Openofffice project reports: CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacke...

Unauthorized operation vulnerability in '/cases/adminu/modifyinfo.php' in biweb version V5.86

BIWEB Business Intelligence Website System is a website system relying on ArthurXF enterprise application-level PHP development framework, developed and designed by the Shanghai NetWorks Network Information Co., Ltd. is a rapid development, simple and easy to use object-oriented enterprise...

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

Exploit for jsp platform in category web applications ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel...

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 - Directory Traversal ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel:...

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

ZKTeco ZKBioSecurity 3.0 File Path Manipulation

i? ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

VideoIQ Camera Remote File Disclosure

"cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost 8080"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $port = $argv2; $pack = "GET /%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..FILEPATH HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Connection:...

VideoIQ Camera - Local File Disclosure

"cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost 8080"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $port = $argv2; $pack = "GET /%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C..FILEPATH HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Connection:...

PHP Real Estate Script 3 - Arbitrary File Disclosure

PHP Real Estate Script 3 - Arbitrary File Disclosure Exploit Title: php Real Estate Script Arbitrary File Disclosure Date: 2016-07-08 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.realestatescript.eu/ Version: v.3 Download Link :...

phpMyAdmin directory traversal vulnerability (CNVD-2016-04566)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A directory traversal vulnerability exists in the...

Shanghai Zhuo fan cms government service center/index/downLoadFile. action download vulnerability

http://xxx.com/index/downLoadFile.action?fileName=web.xml&filePath=WEB-INF/web.xml...

Apache OpenMeetings ZIP File Path Traversal (CVE-2016-0784)

A directory traversal vulnerability exists in Apache OpenMeetings in the Import/Export System Backups functionality. The vulnerability is due to missing file path validation on user-uploaded ZIP archives. Successful exploitation allows the attacker to execute arbitrary code under the security...

AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities

AirOS NanoStation M2 v5.6-beta Arbitrary File Download & Remote Command Execution Tested on: XM.v5.6-beta5.24359.141008.1753 - Build: 2435 Linux Awesome 2.6.32.63 1 Wed Oct 8 17:54:30 EEST 2014 mips unknown Date: May 30, 2016 Informer: Pablo Rebolini - Valid credentials are required !. Most of...