TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02026)

TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit the vulnerability by injecting commands into the pptphellointerval variable of the...

WordPress Plugin Service Finder Booking 3.2 - Local File Disclosure

WordPress Plugin Service Finder Booking 3.2 - Local File Disclosure Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...

Design/Logic Flaw

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition NVE 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted...

QEMU 'b/nbd/server.c' Denial of Service Vulnerability

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU 'b/nbd/server.c'. An attacker can exploit the vulnerability to cause a denial of service...

Arbitrary File Download Vulnerability in Campus Card Portal of Harbin Xinzhongxin Electronics Co.

Campus Card Portal is a digital campus solution. An arbitrary file download vulnerability exists in the Campus Card Portal of Harbin Xinzhongxin Electronics Co. The vulnerability allows an attacker to download arbitrary files from the server...

XXE Vulnerability in TRS Comment Plugin

TRS Comment plug-in developed by Topsy, widely used in the national government, enterprises and institutions portal of the general-purpose plug-ins. TRS Comment plug-in synchannel Servlet XXE vulnerability, an attacker can use the vulnerability to read any file on the server, traversing the serve...

SolarWinds Log and Event Manager Arbitrary File Read Vulnerability

SolarWinds Log and Event Manager LEM is a log and event manager from SolarWinds, Inc. that provides real-time log analysis, memory event correlation, and threat attack response. A security vulnerability exists in SolarWinds LEM versions prior to 6.3.1 Hotfix 4. An attacker can exploit the...

PHPMailer Arbitrary File Read Vulnerability

PHPMailer is a PHP class library for sending e-mail . An arbitrary file read vulnerability exists in PHPMailer. An attacker can read the contents of any file on the server...

DEBIAN-CVE-2016-6612

An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

Symantec Messaging Gateway Directory Traversal Vulnerability

Symantec Messaging Gateway is a spam filter that combines anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A directory traversal vulnerability exists in Symantec Messaging Gateway version 10.6.2. An attacker can leverage the directory...

WordPress Plugin Image Export Local File Leakage Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A local file disclosure vulnerability exists in the WordPress plugin Image Export 'download/php'. An attacker...

XXE Vulnerability in Ninth OA System

Ninth OA system is the OA system to install, implement, learn, operate and maintain. Ninth OA system DocumentBuilder db = ex.newDocumentBuilder; Document doc = db.parserequest.getInputStream; XXE vulnerability exists. An attacker can read arbitrary files on the server and obtain sensitive...

BageCms content management system background arbitrary file download vulnerability

BageCMS is a multi-functional open source web content management system based on php5+mysql5 development. BageCms content management system backend arbitrary file download vulnerability , allowing attackers to exploit the vulnerability can download any file in the server...

Honeywell IP-Camera HICC-1100PT - Local File Disclosure

Honeywell IP-Camera HICC-1100PT - Local File Disclosure 1. Advisory Information ======================================== Title : Honeywell IP-Camera HICC-1100PT Local File Inclusion Vendor Homepage : https://www.asia.security.honeywell.com Remotely Exploitable : Yes Tested on Camera types :...

LMCMS Backend Arbitrary File Deletion Vulnerability

LMCMS Leming CMS system is a web content management system developed in Java language, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under commercial license. LMCMS Leming CMS system management background full media library column under the file management provided in th...

LebiShop Mall Backend Arbitrary File Write Vulnerability

LebiShop mall system is an online mall system using ASP.NET language. The system is widely used in small and medium-sized e-commerce enterprises. The mall system's management background provides a system template file editing function, the function of the page file parameters have not been strict...

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity XXE expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

batik: XML External Entity (XXE) injection in SVG parsing

It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more...

AjaXplorer vulnerable to directory traversal

Overview AjaXplorer contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

pfSense directory traversal vulnerability analysis-vulnerability warning-the black bar safety net

pfSense is based on FreeBSD, designed for Firewall and router features to customize the open source version. In this article, we will introduce in pfSense 2. 1. 3 and the lower version in the CVE-2 0 1 4-4 6 9 0 vulnerability; the higher the version, pfSense has fixed this vulnerability. 0×0 1...