CVE-2018-16093
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file...
CVE-2018-15772 Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume a large amount of CPU bandwidth to make the system slow or to determine the...
HP OpenCall Media Platform Remote Code Execution Vulnerability
HP OpenCall Media Platform is a suite of voice and video servers for developing and deploying messaging, portal and interactive services. A remote code execution vulnerability exists in HP OpenCall Media Platform, which could allow a remote attacker to exploit the vulnerability with a specific...
Joomla 3.4.5 Object Injection
package main / Exploit Title: Joomla 1.5.x to 3.4.5 Object Injection Exploit Exploit Author: Khashayar Fereidani http://fereidani.com Version: 1.5.x to 3.4.5 CVE : CVE-2015-8562 THIS EXPLOIT PUBLISHED ONLY FOR EDUCATIONAL PROPOSES ANY ILLEGAL USAGE IS ON YOUR OWN RESPONSIBILITY How to run : you...
Photo Website for iOS airphotos.ma local file inclusion vulnerability
Photo Website for iOS is a photo album tool. Photo Website for iOS airphotos.ma has a local file inclusion vulnerability in 'mDirNameList' and 'mDirUrlList', which allows remote attackers to exploit the vulnerability to obtain the contents of system files...
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections Exploit Title: QNAP Turbo NAS Multiple Path Injection Date: 2012-09-04 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.qnap.com/ Version: = 3.7.3 build 20120801 Tested on: QNAP TS-1279U-RP This vulnerability has been discovered on...
QNAP Turbo NAS 3.7.3 File Disclosure
Exploit for hardware platform in category web applications Vulnerability: Multiple Path Injection Product: QNAP Turbo NAS Vendor: QNAP Version affected: = 3.7.3 build 20120801 Status: Unpatched Website: http://web.qnap.com/prodetailfeature.asp?pid=202 Discovered by: Andrea Fabrizi Email:...
Novell Sentinel Log Manager 1.2.0.1 Directory Traversal
Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...
novell sentinel log manager 1.2.0.1 - Directory Traversal
novell sentinel log manager 1.2.0.1 - Directory Traversal Exploit Title: Novell Sentinel Log Manager directory traversal Date: 2011-12-18 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.novell.com/ Version: = 1.2.0.1 Tested on: Sentinel Log Manager Appliance 1.2.0.1 CVE: 2011-5028 The...
novell sentinel log manager 1.2.0.1 - Directory Traversal
Exploit Title: Novell Sentinel Log Manager directory traversal Date: 2011-12-18 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.novell.com/ Version: = 1.2.0.1 Tested on: Sentinel Log Manager Appliance 1.2.0.1 CVE: 2011-5028 The latest version of Sentinel Log Manager is prone to a...
SCO Unixware pkgadd directory traversal
It's possible to access any system file...
DaZPHP 0.1 (prefixdir) Local File Inclusion Vulnerability
No description provided by source. Script Name : DaZPHP Download : http://sourceforge.net/project/showfiles.php?groupid=132192 Vul CodeExample : http://site/Path/makepost.php?prefixdir=../../../../../../etc/passwd Error : include "./".$prefixdir."/DaZPHPNews-0.1-1/makepost.php"; Greetz :...
Hobbit monitor: Security issue with Hobbit 4.2-beta client
I was just notified by a Hobbit user that the current beta client has a security problem in the client "logfetch" utility, when installed as suid-root which is the default if "make install" is executed as root. Impact ------ The effect of this is that any user who is able to login and create file...
Sun Management Console information leak
Because of a directory traversal bug, it's possible to check for the existence of any system file...
Fools Workshop Owls Workshop 1.0 - newmultiplechoice.php Arbitrary File Access
Fools Workshop Owls Workshop 1.0 - newmultiplechoice.php Arbitrary File Access source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI...
dcam webcam server personal Web server 8.2.5 - Directory Traversal
source: https://www.securityfocus.com/bid/9273/info It has been reported that the Personal Web Server of DCAM WebCam Server may be prone to a directory traversal vulnerability that may allow a remote attacker to traverse outside the server root directory by using '.' character sequences. DCAM...
Problems in libutlis/OpenSSH/login (unauthorized access)
When a client logs in, superuser privileges are not dropped while the parameters set in the user's .loginconf are being read, which allows any system file to be read...
Hole in Extent RBS
A reverse directory path passed to a parameter of the Newuser program allows access to any system file...
Another hole in Sambar
Search.dll allows access to any file on the system using a full path...
Hole in photoalbum
A reverse directory path allows any system file to be retrieved via explorer.php...