20542 matches found
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...
Traggo Server - Local File Inclusion
traggo/server version 0.3.0 is vulnerable to directory traversal. id: CVE-2023-34843 info: name: Traggo Server - Local File Inclusion author: DhiyaneshDk severity: high description: | traggo/server version 0.3.0 is vulnerable to directory traversal. impact: | Successful exploitation of this...
ShokoServer System - Local File Inclusion (LFI)
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
Gradio Hugging Face - Local File Inclusion
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio 3.33 id: CVE-2023-51449 info: name: Gradio Hugging Face - Local File Inclusion author: nvn1729 severity: high description: | Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works...
CAREL Boss Mini <= 1.4.0 - Local File Inclusion
Boss Mini 1.4.0 Build 6221 contains a file inclusion caused by manipulation of the 'path' argument in boss/servlet/document, letting remote attackers include arbitrary files, exploit requires remote access. id: CVE-2023-3643 info: name: CAREL Boss Mini = 1.4.0 - Local File Inclusion author:...
Blinko < 1.8.4 - Path Traversal
Blinko 1.8.4 contains a path traversal vulnerability caused by lack of permission checks and filtering on the temp/ path in the file server endpoint, letting unauthorized attackers read arbitrary files including backup files with user notes and tokens, exploit requires no special privileges. id:...
WordPress Candidate Application Form <= 1.3 - Local File Inclusion
WordPress Candidate Application Form = 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form = 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...
WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion
WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. id: CVE-2015-5469 info: name: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion author:...
Ericsson Drutt MSDP - Local File Inclusion
Ericsson Drutt Mobile Service Delivery Platform MSDP 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the default URI in the Instance Monitor. id: CVE-2015-2166 info: name: Ericsson Drutt MSDP - Local File Inclusion author: daffainfo severity: mediu...
Fonality trixbox - Local File Inclusion
Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. dot dot in the lang parameter to 1 home/index.php, 2 asteriskinfo/asteriskinfo.php, 3 repo/repo.php, or 4 endpointcfg/endpointcfg.php in maint/modules/. id: CVE-2014-5111 info...
Cross RSS 1.7 - Local File Inclusion
Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...
WP User Manager – User Profile Builder & Membership - Local File Inclusion
WP User Manager – User Profile Builder & Membership plugin for WordPress = 2.9.17 contains a local file inclusion caused by improper handling in the profile template scope function, letting unauthenticated attackers execute arbitrary PHP code, exploit requires ability to upload or control PHP...
SysAid Help Desk <15.2 - Local File Inclusion
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. dot dot in the fileName parameter of getGfiUpgradeFile or cause a denial of service CPU and memory consumption via .. dot dot in the fileName paramet...
WordPress RobotCPA 5 - Directory Traversal
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. id: CVE-2015-9480 info: name: WordPress RobotCPA 5 - Directory Traversal author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...
Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/readsessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter. id: CVE-2015-4666 info: name: Xceedium Xsuite =2.4.4.5 - Local File Inclusion author: 0xAkoko severity: medium...
ResourceSpace - Local File inclusion
ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. id: CVE-2015-3648 info: name: ResourceSpace - Local File inclusion author: pikpikcu severity: high description: ResourceSpace is prone to a local file-inclusion...
WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location. id: CVE-2015-1000010 info: name: WordPress Simple Image Manipulator...
WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...
Devika - Local File Inclusion
A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...
Xibo 1.2.2/1.4.1 - Directory Traversal
A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter to index.php. id: CVE-2013-5979 info: name: Xibo 1.2.2/1.4.1 - Directory Traversal author: daffainfo severity:...