671 matches found
File Inclusion Vulnerability in Blue Route Blog System si***_mo***.php Page
Blue Route Blog System is built with PHP+MySQL. The simo.php page of the Blue Route blog system has a file inclusion vulnerability; an attacker can use the vulnerability to include any file on the server...
Arbitrary file download vulnerability in frontend of shopxo e-commerce system
ShopXO is an open source enterprise-level e-commerce system. An arbitrary file download vulnerability exists in the frontend of the ShopXO e-commerce system; an attacker can exploit the vulnerability to download any file on the server...
HkCMS suffers from an arbitrary file download vulnerability
HkCMS is committed to providing a free and open source content management system for building enterprise websites. HkCMS has excellent expansion and secondary development capabilities and can be adapted to lightweight enterprise system development and deployment. HkCMS arbitrary file download...
Arbitrary File Read Vulnerability in HkCMS
HkCMS is committed to providing a free and open source content management system for building enterprise websites. HkCMS has excellent expansion and secondary development capabilities and can be adapted to lightweight enterprise system development and deployment. HkCMS arbitrary file reading...
Arbitrary File Read Vulnerability in ShopXO
ShopXO is an open source enterprise-level e-commerce system. ShopXO has an arbitrary file read vulnerability; an attacker can use this vulnerability to obtain any file on the server...
UBUNTU-CVE-2018-14669
ClickHouse MySQL client before version 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled, which allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server...
CVE-2019-14312
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI...
Arbitrary File Deletion Vulnerability in PHPSHE Mall System 1.7 Backend
PHPSHE Mall System V1.7 is an online mall building system based on PHP5.2+/MySQL 5.0+. An arbitrary file deletion vulnerability exists in the backend of PHPSHE Mall System 1.7. The vulnerability stems from the absence of directory checks; attackers can use the vulnerability to delete any file on the server...
CVE-2019-5458
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in the victim's browser...
CVE-2019-5457
Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in the victim's browser...
Arbitrary File Deletion Vulnerability in Frontend of Medical Virtual Simulation Teaching Experiment Platform
Medical virtual simulation teaching experiment platform system is a virtual reality system with computer virtual reality and digital simulation technology as the core, biosimulation engine, processing factor database, virtual environment interface and other technologies as the support. Medical...
CVE-2019-14362
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...
Arbitrary File Download Vulnerability in Sida Fluoroplastics Co.
The remote server's web service does not perform suffix filtering or directory control on user-submitted download files, allowing malicious attackers to construct paths to download arbitrary server files. http://60.191.211.210:8088/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&peri...
PT-2019-17673 · Unknown · Serve-Here.Js
Name of the Vulnerable Software and Affected Versions: serve-here.js versions prior to 1.2.0. Description: The issue allows attackers to list any file in an arbitrary folder due to a path traversal vulnerability. This is caused by the package's failure to sanitize URLs, enabling attackers to acces...
Malicious Package
froever is a malicious package. It contains malicious code in its pre-install script that attempts to download a file from a remote server, execute it and open a backdoor...
Arbitrary File Deletion Vulnerability in CSZ-CMS Management System
CSZ-CMS is an open source web application that allows users to manage all content and settings on a website. An arbitrary file deletion vulnerability exists in the CSZ-CMS management system, which can be exploited by an attacker to delete arbitrary files on the server...
CVE-2019-5422
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server...
Directory Traversal Vulnerability in Xinhuo Co-ordination Office System Backend
Xinhuo Co-ordination Office System is an open source and cross-platform office system. There is a directory traversal vulnerability in the backend of the Xinhuo Co-ordination Office System; an attacker who has logged in to the system can, by modifying the file path when downloading files, traverse the...
Ruby on Rails Arbitrary File Read Vulnerability
Ruby on Rails is a very productive, high-maintenance, and easy-to-deploy web development framework developed using Ruby, and is one of the preferred frameworks for web application development worldwide. Ruby on Rai...
Arbitrary File Download Vulnerability in Joomla! Ye*** Vi*** Sh*** Component
Joomla! is an open source content management system (CMS). An arbitrary file download vulnerability exists in the Joomla! Ye Vi Sh component, which stems from the program's failure to correctly process data passed by the user, and can be exploited by an attacker to download arbitrary files on the...