Arbitrary file read vulnerability in the handler/download.php script of the information system development platform
The vulnerability exists in the handler/download.php script of the information system development platform because the POST parameter filename is insufficiently validated. Exploiting it allows a malicious actor to read the contents of arbitrary files on the server using a specially...
File Inclusion Vulnerability in deituiCMS
deituiCMS is a PHP-based open source content management system. A file inclusion vulnerability exists in deituiCMS, which can be exploited by an attacker to include arbitrary files on the server...
File Inclusion Vulnerability in WMCMS
WMCMS is a free, open-source, tag-based content management system for Chinese-language sites, built on PHP and MySQL. WMCMS has a file inclusion vulnerability that can be exploited by an attacker to include arbitrary files on the server...
Path Traversal
Overview Versions of algo-httpserv prior to 1.1.2 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 1.1.2 or later. References GitHub Advisory...
File Inclusion Vulnerability in Acme CMS
Acme CMS is a full-featured, multi-language CMS with responsive display, built on PHP and MySQL and aimed at personal website construction. Acme CMS has a file inclusion vulnerability that can be exploited by an attacker to include arbitrary files on the server...
PCI DSS Compliance - Information Leakage
The remote host is vulnerable to one or more conditions that are considered to be 'information leakage' and so are not automatic failures according to the PCI DSS Approved Scanning Vendors Program Guide version 3.1. These information leakage issues include one or more of the following : - Detaile...
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
GHSA-2HHW-P8MG-JRM6 Path Traversal in http-live-simulator
Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 1.0.6...
Path Traversal
Overview Versions of servey prior to 3.x are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to the latest version References - HackerOne Report - GitHub Advisory...
Path Traversal
Overview Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 1.0.6 References - HackerOne Report - GitHub Advisory...
phpFileManager 1.7.8 - Local File Inclusion
Exploit Title: phpFileManager 1.7.8 - Local File Inclusion Date: 01.04.2019 Exploit Author: Murat Kalafatoglu Vendor Homepage: https://sourceforge.net/projects/phpfm/ Software Demo: https://phpfm-demo.000webhostapp.com/ Version: v1.7.8 Category: Webapps Tested on: XAMPP for Linux Description: Any...
GHSA-QWJ8-P662-3M7X Path Traversal in localhost-now
All versions of localhost-now are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is made...
Path Traversal in localhost-now
All versions of localhost-now are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is made...
Arbitrary File Deletion Vulnerability in cszcms-1.2.1
CSZCMS is an open source web application that allows to manage all the content and settings on a website. An arbitrary file deletion vulnerability exists in cszcms-1.2.1, which can be exploited by an attacker to delete arbitrary files on the server when deleting an avatar...
HSYCMS suffers from arbitrary file download vulnerability
Hsycms is an enterprise-level web content management system written in PHP and MySQL; it uses template separation to support building many types of sites. An arbitrary file download vulnerability exists in HSYCMS, which can be exploited by attackers to obtain sensitive file informati...
Path Traversal in total.js
Affected versions of total.js are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files outside the /public folder by using relative paths. The files served are limited to these file types: flac, jpg, jpeg, png, gif, ico, js, css, txt, xml...
GHSA-3Q32-J57W-Q4W7 Path Traversal in total.js
Affected versions of total.js are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files outside the /public folder by using relative paths. The files served are limited to these file types: flac, jpg, jpeg, png, gif, ico, js, css, txt, xml...
Path Traversal in simplehttpserver
Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 0.2.1 or later...
GHSA-45J8-PM75-5V8X Path Traversal in simplehttpserver
Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 0.2.1 or later...
GHSA-7C9W-QMRQ-FF8R Path Traversal in http-live-simulator
Versions of http-live-simulator prior to 1.0.7 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. For example: curl --path-as-is http://localhost:8080//../../../../etc/passwd. Recommendation Upgrade to version 1.0.7...