
566 matches found

Cvelist
added 2020/03/25 7:11 p.m., 16 views

CVE-2020-3794

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory...

9.7 AI score, 0.21113 EPSS
Exploits 0, References 1

CNVD
added 2020/03/19 12:0 a.m., 1 view

Adobe ColdFusion File Inclusion Vulnerability

Adobe ColdFusion is a commercial rapid application development platform. A file inclusion vulnerability exists in Adobe ColdFusion. An attacker can exploit this vulnerability to achieve arbitrary code execution of files located in the webroot or its subdirectories...

10 CVSS, 7.8 AI score, 0.21113 EPSS
Exploits 0, References 1

NCSC
added 2020/02/22 12:0 a.m., 9 views

Vulnerability fixed in Apache Tomcat

A malicious party can exploit the vulnerability to obtain information from the system. The vulnerability was caused because the AJP protocol was implemented incorrectly. A malicious party could possibly use a malicious request to read files from the webroot directory. The A...

9.8 CVSS, 7.5 AI score, 0.94469 EPSS
Exploits 44

NVD
added 2020/02/13 4:15 p.m., 13 views

CVE-2020-8803

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...

9.8 CVSS, 9.5 AI score, 0.0096 EPSS
Exploits 1, References 3

OSV
added 2020/02/13 4:15 p.m., 9 views

CVE-2020-8803

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...

9.8 CVSS, 6.9 AI score
Exploits 0, References 3

ATTACKERKB
added 2020/02/13 4:15 p.m., 0 views

CVE-2020-8803

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...

9.8 CVSS, 5.5 AI score, 0.0096 EPSS
Exploits 1, References 4

Prion
added 2020/02/13 4:15 p.m., 8 views

Directory traversal

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...

7.5 CVSS, 9.4 AI score, 0.0096 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2020/02/13 3:14 p.m., 11 views

CVE-2020-8803

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...

9.5 AI score, 0.0096 EPSS
Exploits 1, References 3

Packet Storm
added 2020/02/13 12:0 a.m., 151 views

SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion

SuiteCRM = 7.11.11 addtoprospectlist Broken Access Control Vulnerability - Software Link: https://suitecrm.com/ - Affected Versions: Versio...

0.1 AI score, 0.0096 EPSS
Exploits 1

Joomla! Vulnerable Extensions List
added 2020/02/02 12:0 a.m., 51 views

[20200803] - Core - Directory traversal in com_media

Lack of input validation allows com_media root paths outside of the webroot...

4.8 AI score
Exploits 2, Affected Software 1

NVD
added 2020/01/27 6:15 p.m., 10 views

CVE-2013-7390

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot...

9.8 CVSS, 9.7 AI score, 0.6678 EPSS
Exploits 6, References 2

Prion
added 2020/01/27 6:15 p.m., 15 views

Unrestricted file upload

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot...

7.5 CVSS, 8.1 AI score, 0.6678 EPSS
Exploits 6, References 2, Affected Software 1

Cvelist
added 2020/01/27 5:33 p.m., 13 views

CVE-2013-7390

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot...

9.7 AI score, 0.6678 EPSS
Exploits 6, References 2

Github Security Blog
added 2019/11/12 11:1 p.m., 26 views

Missing warning can lead to unauthenticated admin access in SilverStripe

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...

9.8 CVSS, 4.8 AI score, 0.00832 EPSS
Exploits 0, References 9, Affected Software 2

Packet Storm
added 2019/11/12 12:0 a.m., 161 views

Linear eMerge E3 1.00-06 card_scan.php Command Injection

!/usr/bin/env python Linear eMerge E3 Unauthenticated Command Injection Remote Root Exploit Affected version: \n' sys.exit ipaddr = sys.argv1 print while True: try: cmd = rawinput'lighttpd@'+ipaddr+':/spider/web/webroot$ ' execute =...

10 CVSS, 0.1 AI score, 0.94403 EPSS
Exploits 16

Tenable Nessus
added 2019/10/25 12:0 a.m., 80 views

Atlassian Jira Webroot Directory Traversal Vulnerability

Binary data jiracve20198442directorytraversal.nbin...

7.5 CVSS, 7 AI score, 0.93718 EPSS
Exploits 1, References 3

OSV
added 2019/10/10 8:15 p.m., 0 views

CVE-2019-9530

The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory...

5.5 CVSS, 6.1 AI score
Exploits 0, References 1

ThreatPost
added 2019/09/26 3:10 p.m., 103 views

Phish Uses Google's URL Decoding to Swim Past Defenses

A phishing campaign that takes advantage of Google’s ability to decode non-ASCII URL data on the fly is making the rounds – looking to fool the unsavvy by effectively hiding the website address of the campaign’s phishing page. The campaign makes use of what’s called percentage-based URL encoding ...

Exploits 0, References 8

Prion
added 2019/09/25 7:15 p.m., 10 views

Design/Logic Flaw

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access...

7.5 CVSS, 9.4 AI score, 0.00832 EPSS
Exploits 0, References 3, Affected Software 1

Node.js
added 2019/09/04 3:40 p.m., 9 views

Path Traversal

Overview: All versions of public are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL. Recommendation: No fix is currently available. Do not use public in production or consider using an alternative...

6.7 AI score
Exploits 0, Affected Software 1