113 matches found
CVE-2018-10028
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI...
[ASA-201712-2] cacti: multiple issues
Arch Linux Security Advisory ASA-201712-2 ========================================= Severity: High Date : 2017-12-02 CVE-ID : CVE-2017-16641 CVE-2017-16660 CVE-2017-16661 CVE-2017-16785 Package : cacti Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-537 Summary =====...
CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...
Design/Logic Flaw
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...
CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...
CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...
Remote code execution
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
DEBIAN-CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...
UBUNTU-CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
DEBIAN-CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
CVE-2017-16660
CVE-2017-16660 affects Cacti 1.1.27, where remote authenticated administrators can trigger Remote Code Execution by placing the Log Path under the web root and issuing a remote_agent.php request containing PHP code in the Client-ip header. This vulnerability is documented as an arbitrary-code-exe...
CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
CVE-2017-16661
Cacti 1.1.27 is affected by CVE-2017-16661 (arbitrary filesystem access) via a vulnerability where a remote authenticated administrator can set a private Log Path and request clog.php?filename= to read files (example /etc/passwd). The issue is part of a set of CVEs (including CVE-2017-16641, CVE-...
CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...
CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...
Unauthorized Access Vulnerability in ICEFLOW VPN Router System of Shanghai Bingfeng Computer Network Technology Co.
Shanghai Bingfeng Computer Network Technology Co., Ltd. is a domestic VPN, Traffic Management, Behavior Management, Link Load Balancing, Next Generation Firewall equipment supplier and IT value solution provider. Bingfeng network reporter system is a set of data report management system...
HP SiteScope Log Analyzer Information Disclosure (CVE-2015-2120)
A privilege escalation vulnerability exists in HP SiteScope. The vulnerability is due to improper validation of the log path, allowing the user to read the users.config file. A remote, authenticated attacker may exploit this vulnerability by submitting a crafted log path...