141 matches found
WordPress WP Post Popup Plugin <= 2.0.0 - Arbitrary File Viewing Vulnerability
Arbitrary File Viewing Vulnerability could be used to view any file on the site. In the file /public/includes/proxy.php, it passes $_GET input to the file_get_contents function. Solution Update the plugin...
Directory traversal
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HT...
CVE-2017-8383
Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder...
Alienvault OSSIM and USM PHP Object Injection Vulnerabilities
AlienVault OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...
IBM Security Privileged Identity Manager Virtual Appliance Directory Traversal Vulnerability
IBM Security Privileged Identity Manager is an identity management product within the IBM Identity Governance and Management solution that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security. IBM Security Privileged Identity...
IBM Tivoli / Security Directory Server Remote Arbitrary File Viewing Vulnerability
IBM Security Directory Server (ISDS), formerly IBM Tivoli Directory Server (ITDS), is a suite of enterprise identity management software from IBM in the United States that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for...
TransmitMail vulnerable to directory traversal
Overview TransmitMail is a PHP-based mail form. TransmitMail contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
Hybris Commerce Software Suite Directory Traversal Vulnerability
Hybris Commerce Software Suite is e-commerce software and multichannel commerce solutions. A directory traversal vulnerability in Hybris Commerce Software Suite allows an attacker to submit a special request to view the contents of a file with WEB privileges...
Tarantella Enterprise 3 3.x TTAWebTop.CGI Arbitrary File Viewing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. ttawebtop.cgi is a CGI script...
UNAK-CMS 1.5 'connector.php' Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30533/info UNAK-CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local file...
iDevSpot iSupport 1.8 'index.php' Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26961/info iSupport is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...
ChangshinSoft EZTrans Server Download.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8155/info It has been reported that a problem in ChangshinSoft ezTrans Server exists in the download.php script that may allow an attacker to view arbitrary files. This may result in the disclosure of potentially sensitiv...
Alt-N WebAdmin 2.0.x Remote File Viewing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7438/info Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system...
DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion
Title ----- DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion Severity -------- High Date Discovered --------------- February 14, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: 0x00string, Ryan Oliver and r@b13$ Vulnerability Description...
asaanCart <= 0.9 Multiple Vulnerabilities - Active Check
asaanCart is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if description...
Bitweaver 'rankings.php' Local File Include Vulnerability
Bitweaver is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure
source: https://www.securityfocus.com/bid/47731/info BMC Dashboards is prone to multiple information-disclosure and cross-site scripting issues because the application fails to properly sanitize user-supplied input. A remote attacker may leverage the cross-site scripting issues to execute...
WebCalenderC3 vulnerable to directory traversal
Overview WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability. WebCalenderC3 from C3 Corp. is calendar software. WebCalenderC3 contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Microsoft IIS 4.0 showcode.asp Sample Script Arbitrary File Content Viewing Vulnerability
No description provided by source...