Lucene search
K

26892 matches found

Nuclei
Nuclei
added 8 hours ago54 views

WordPress RobotCPA 5 - Directory Traversal

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. id: CVE-2015-9480 info: name: WordPress RobotCPA 5 - Directory Traversal author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...

7.5CVSS7AI score0.12574EPSS
Exploits2References3
Nuclei
Nuclei
added 8 hours ago39 views

Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...

7.5CVSS7.1AI score0.08348EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago48 views

Ignite Realtime Openfire <4.42 - Local File Inclusion

Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory. id: CVE-2019-18393 info: name: Ignite Realtime Openfire 4.42 - Local File Inclusion author: pikpikcu severity...

5.3CVSS6.2AI score0.13945EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago33 views

Joomla! Harmis Messenger 1.2.2 - Local File Inclusion

Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files. id: CVE-2019-9922 info: name: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion author: 0xAkoko severity: high description: Joomla! Harmis Messenger 1.2.2 is...

7.5CVSS6.7AI score0.1059EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago41 views

BOA Web Server 0.94.14 - Arbitrary File Access

BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. id: CVE-2017-9833 info: name: BOA Web Server 0.94.14 - Arbitrary File Acces...

7.8CVSS7.1AI score0.68243EPSS
Exploits6References5
Nuclei
Nuclei
added 8 hours ago48 views

WordPress Localize My Post 1.0 - Local File Inclusion

WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter. id: CVE-2018-16299 info: name: WordPress Localize My Post 1.0 - Local File Inclusion author: 0xAkoko,0x240x23elu severity: high description: | WordPress Localize My Post 1.0 is susceptib...

7.5CVSS7AI score0.44358EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago26 views

Centos Web Panel 0.9.8.480 - Local File Inclusion

Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. id: CVE-2018-18323 info: name: Centos Web Panel 0.9.8.480 - Local File Inclusion author:...

7.5CVSS7.3AI score0.70736EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago41 views

Webgrind <= 1.5 - Local File Inclusion

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem that the webserver user has access to via an index.php?op=fileviewer&file= URI id: CVE-2018-12909 info: name: Webgrind = 1.5 - Local File Inclusion author: DhiyaneshDk severity: high...

7.8CVSS7AI score0.18568EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago175 views

Docassemble - Local File Inclusion

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...

7.5CVSS6.9AI score0.69486EPSS
Exploits2References3
Nuclei
Nuclei
added 8 hours ago33 views

OS4Ed OpenSIS Community 8.0 - Local File Inclusion

OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php modname parameter, which can disclose arbitrary file from the server's filesystem as long as the application has access to the file. id: CVE-2021-40651 info: name: OS4Ed OpenSIS Community 8.0 - Local...

6.5CVSS6.7AI score0.18415EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago120 views

Essential Blocks < 4.4.3 - Local File Inclusion

Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site. id: CVE-2023-6623 info: name: Essential Blocks 4.4.3 - Local File...

9.8CVSS7AI score0.50673EPSS
Exploits2References3
Nuclei
Nuclei
added 8 hours ago72 views

Huawei Firewall - Local File Inclusion

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

4.3CVSS6.1AI score0.01238EPSS
Exploits0References1
Nuclei
Nuclei
added 8 hours ago42 views

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

8.6CVSS7.1AI score0.08147EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago192 views

MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod...

9.8CVSS7.4AI score0.05018EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago47 views

Joomla! ChronoForums 2.0.11 - Local File Inclusion

Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials. id: CVE-2021-28377 info: name: Joomla!...

5.3CVSS6.3AI score0.08232EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago55 views

NexusDB <4.50.23 - Local File Inclusion

NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal and local file inclusion. id: CVE-2020-24571 info: name: NexusDB 4.50.23 - Local File Inclusion author: pikpikcu severity: high description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../...

7.5CVSS7AI score0.17959EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago109 views

Apache Flink - Local File Inclusion

Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process aka local file inclusion. id: CVE-2020-17519 info: name: Apache Flink - Local File Inclusion author: pdtea...

9.1CVSS7.1AI score0.97856EPSS
Exploits14References5
Nuclei
Nuclei
added 8 hours ago82 views

Pallets Werkzeug <0.15.5 - Local File Inclusion

Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...

7.5CVSS7AI score0.55526EPSS
Exploits7References5
Nuclei
Nuclei
added 8 hours ago101 views

LimeSurvey 4.1.11 - Local File Inclusion

LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. id: CVE-2020-11455 info: name: LimeSurvey 4.1.11 - Local File Inclusion author: daffainfo severity: critical...

9.8CVSS7AI score0.96986EPSS
Exploits6References5
Nuclei
Nuclei
added 8 hours ago55 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

6.5CVSS6.7AI score0.85295EPSS
Exploits6References5
Rows per page
Query Builder