NTP ntpq Component Elevation of Privilege Vulnerability
NTP (Network Time Protocol) is a network protocol that synchronizes the clocks of two computers by exchanging packets. An elevation of privilege vulnerability exists in the ntpq component of NTP version 4.2.8p5, which can be exploited by a remote attacker to affect integrity by manipulating the...
Directory traversal
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter...
CVE-2016-3972
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter...
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
Updated cgit packages fix security vulnerability
Reflected Cross Site Scripting and Header Injection in Mimetype Query String in cgit before 0.12 (CVE-2016-1899). Stored Cross Site Scripting and Header Injection in Filename Parameter in cgit before 0.12 (CVE-2016-1900). Integer Overflow resulting in Buffer Overflow in cgit before 0.12 (CVE-2016-1901)...
Xceedium Xsuite Cross-Site Scripting Vulnerability
Xceedium Xsuite is a unified identity management solution from Xceedium that provides access control, monitoring and logging capabilities for hybrid cloud environments. The solution supports access control policies based on roles or individual users. A cross-site scripting vulnerability exists in...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ajaxcmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter...
CollabNet Subversion Edge tail local file inclusion
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local...
CollabNet Subversion Edge Management downloadHook LFI
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "filename" parameter of the "downloadHook" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...
Novell ZENworks Configuration Management FileViewer Information Disclosure (CVE-2015-0783)
An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to lack of sanitization on the filename parameter within the FileViewer class. By sending crafted requests to the target server, a remote attacker can leverage this vulnerability t...
SysAid Help Desk Directory Traversal Vulnerability
SysAid Help Desk is a suite of Web-based IT management software. The SysAid Help Desk /sysaid/getGfiUpgradeFile URI and /sysaid/calculateRdsFileChecksum URI fail to adequately filter the 'fileName' parameter, allowing remote attackers to exploit a vulnerability to submit a special directory...
Path traversal
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\ (four backslashes) in the fileName parameter to getRdsLogFile...
Directory traversal
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter...
Directory traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate...
CVE-2014-5006
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader...
CVE-2014-5006
CVE-2014-5006 affects ManageEngine Desktop Central/DC before 9 build 90055. A directory traversal in the mdmLogUploader servlet via a .. in the fileName parameter enables remote code execution. Affected component: mdmLogUploader handling in Desktop Central. Impact: arbitrary code execution on aff...
Design/Logic Flaw
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename...
CVE-2014-2044
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename...
KAPhotoservice search.asp filename Parameter XSS
No description provided by source...
Elxis 'filename' Parameter Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37158/info Elxis is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could ai...