26 matches found
chromium-browser: script injection in devtools
Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
Directory traversal
Directory traversal vulnerability in infusions/lastseenuserspanel/lastseenuserspanel.php in MyFusion aka MyF 6 Beta, when registerglobals is enabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the settingslocale parameter...
CVE-2007-1524
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. dot dot in the settingsskin parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via...
Directory traversal
Absolute path directory traversal vulnerability in a MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and b VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the 1 language parameter in...
Directory traversal
Absolute path directory traversal vulnerability in 1 MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and 2 VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname i...
CVE-2006-2331
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via 1 a .. dot dot in the settingslocale parameter in infusions/lastseenuserspanel/lastseenuserspanel.php, and 2 a .. dot dot in the localeset parameter in...