Lucene search

3230 matches found

CNVD
added 2016/05/13 12:0 a.m., 2 views

LMCMS background arbitrary file download vulnerability

The LMCMS (Leming CMS) system is a web content management system written in Java, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under a commercial license. LMCMS Leming CMS system's management background under the full media library section of the file management to...

6.9 AI score
Exploits 0
CNVD
added 2016/05/13 12:0 a.m., 1 view

LMCMS Backend Arbitrary File Deletion Vulnerability

The LMCMS (Leming CMS) system is a web content management system written in Java, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under a commercial license. LMCMS Leming CMS system management background full media library column under the file management provided in th...

6.9 AI score
Exploits 0
Packet Storm
added 2016/05/03 12:0 a.m., 38 views

OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation

=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability ------------------------------------------------------------------------ Affected Versions ================= Community Edition 4.9.7 Issue Overview ============== Vulnerability Type:...

0.6 AI score
Exploits 0
seebug.org
added 2016/04/18 12:0 a.m., 225 views

TRS WCM: Improper File Path Handling Leads to Arbitrary File Upload

No description provided by source...

7.1 AI score
Exploits 0
NVD
added 2016/04/13 2:59 p.m., 17 views

CVE-2015-8620

Heap-based buffer overflow in the Avast virtualization driver aswSnx.sys in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request...

7.8 CVSS, 7.9 AI score, 0.00503 EPSS
Exploits 1, References 4
Prion
added 2016/04/13 2:59 p.m., 8 views

Heap overflow

Heap-based buffer overflow in the Avast virtualization driver aswSnx.sys in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request...

7.2 CVSS, 7.5 AI score, 0.00503 EPSS
Exploits 1, References 4, Affected Software 4
Packet Storm
added 2016/03/31 12:0 a.m., 45 views

Apache Jetspeed Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

9 CVSS, 7.8 AI score, 0.77495 EPSS
Exploits 7
Exploit DB
added 2016/03/31 12:0 a.m., 74 views

Apache Jetspeed - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

8.1 AI score
Exploits 0
Packet Storm
added 2016/03/22 12:0 a.m., 28 views

WordPress HB Audio Gallery Lite 1.0.0 Arbitrary File Download

Exploit Title: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Download Exploit Author: CrashBandicot Date: 2016-03-22 Google Dork : inurl:/wp-content/plugins/hb-audio-gallery-lite Vendor Homepage: https://fr.wordpress.org/plugins/hb-audio-gallery-lite/ Tested on: MSWin32 Version: 1.0.0...

Exploits 0
exploitpack
added 2016/03/22 12:0 a.m., 12 views

WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download

WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download Exploit Title: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Download Exploit Author: CrashBandicot Date: 2016-03-22 Google Dork : inurl:/wp-content/plugins/hb-audio-gallery-lite Vendor Homepage:...

7.3 AI score
Exploits 0
WPVulnDB
added 2016/03/22 12:0 a.m., 16 views

Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download

The function "mdocsimgpreview" is in charge of downloading image previews previously uploaded by the administrator, but it does not sanitize the file path being downloaded, thus, allowing to download arbitrary files in the file system. The vulnerable GET parameter is "mdocs-img-preview". The...

0.6 AI score
Exploits 0, References 1, Affected Software 1
wpexploit
added 2016/03/22 12:0 a.m., 8 views

Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download

The function "mdocsimgpreview" is in charge of downloading image previews previously uploaded by the administrator, but it does not sanitize the file path being downloaded, thus, allowing to download arbitrary files in the file system. The vulnerable GET parameter is "mdocs-img-preview". The...

0.9 AI score
Exploits 0, References 1
Exploit DB
added 2016/03/22 12:0 a.m., 28 views

WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download

Exploit Title: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Download Exploit Author: CrashBandicot Date: 2016-03-22 Google Dork : inurl:/wp-content/plugins/hb-audio-gallery-lite Vendor Homepage: https://fr.wordpress.org/plugins/hb-audio-gallery-lite/ Tested on: MSWin32 Version: 1.0.0...

7.4 AI score
Exploits 0
Hacker One
added 2016/03/11 9:42 p.m., 13 views

Imgur: Local file read in image editor

Filepaths were able to traverse up outside of their intended directory when using the /edit/process API endpoint. Insufficient imageid filtration in image editor allowed an attacker to read arbitrary files. An attacker could read files by setting file path in imageid GET param in /edit/process AP...

1.9 AI score
Exploits 0
CNVD
added 2016/03/07 12:0 a.m., 3 views

Exim Configuration File Path Elevation of Privilege Vulnerability

Exim is an open source message transfer agent (MTA) developed by the University of Cambridge in the UK that runs on Unix systems and is responsible for routing, forwarding and delivering mail. A security vulnerability exists in Exim that stems from an error in the program's handling of environment variabl...

7 CVSS, 7.6 AI score, 0.05901 EPSS
Exploits 13, References 1
exploitpack
added 2016/02/04 12:0 a.m., 49 views

D-Link DVG-N5402SP - Multiple Vulnerabilities

D-Link DVG-N5402SP - Multiple Vulnerabilities Exploit Title: DLink DVG-N5402SP Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.dlink.com/ Versions Reported: Multiple - See below CVE-IDs: CVE-2015-7245 + CVE-2015-7246 + CVE-2015-7247 DLink DVG-N5402SP File Path Traversal...

10 CVSS, 0.4 AI score, 0.45479 EPSS
Exploits 7
0day.today
added 2016/02/04 12:0 a.m., 83 views

D-Link DVG-N5402SP - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Exploit Title: DLink DVG-N5402SP Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.dlink.com/ Versions Reported: Multiple - See below CVE-IDs: CVE-2015-7245 + CVE-2015-7246 + CVE-2015-7247 DLink DVG-N5402SP File...

10 CVSS, 0.4 AI score, 0.45479 EPSS
Exploits 7
Exploit DB
added 2016/02/04 12:0 a.m., 46 views

D-Link DVG-N5402SP - Multiple Vulnerabilities

Exploit Title: DLink DVG-N5402SP Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.dlink.com/ Versions Reported: Multiple - See below CVE-IDs: CVE-2015-7245 + CVE-2015-7246 + CVE-2015-7247 DLink DVG-N5402SP File Path Traversal, Weak Credentials Management, and Sensitive...

10 CVSS, 8.7 AI score, 0.45479 EPSS
Exploits 7
myhack58
added 2016/01/29 12:0 a.m., 77 views

Ruby on Rails remote code execution vulnerability analysis (CVE-2016-0752) - vulnerability warning - the black bar safety net

If your application uses a dynamic rendering path, such as render params:id, then unfortunately the application is currently affected by local file inclusion that can lead to remote code execution; please promptly update your Rails to the latest version, or for your...

4.3 CVSS, 0.53703 EPSS
Exploits 2
NVD
added 2015/12/24 1:59 a.m., 19 views

CVE-2015-7934

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...

8.6 CVSS, 8.9 AI score, 0.02201 EPSS
Exploits 0, References 2