15 matches found
Employee Record Management System Directory Traversal Vulnerability
Employee Record Management System is an employee record management system. It has a directory traversal vulnerability originating in the admin/includes/ file, which can be exploited by an attacker to retrieve and download...
CVE-2021-44965
Directory traversal vulnerability in /admin/includes/ directory for PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server...
CVE-2021-44965
Directory traversal vulnerability in /admin/includes/ directory for PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server...
PT-2021-24186 · Unknown · Phpgurukul Employee Record Management System
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Employee Record Management System version 1.2. Description: The issue allows an attacker to perform a directory traversal attack in the /admin/includes/ directory. This enables the retrieval and download of sensitive information fro...
CVE-2016-6635
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...
Dazzle Blast Remote File Inclusion
Exploit for unknown platform in category web applications. Dazzle Blast Remote File Inclusion Vulnerability. Software : Dazzle Blast Download : http://www.dazzleblast.com/dazzleblast.zip Autho...
Dazzle Blast Remote File Inclusion
No description provided by source. o Dazzle Blast Remote File Inclusion Vulnerability Software : Dazzle Blast Download : http://www.dazzleblast.com/dazzleblast.zip Author : NoGe Contact : nogedotcodeatgmaildotcom Blog : http://evilc0de.blogspot.com/ Home : http://antisecurity.org/ o Vulnerable fi...
Directory traversal
Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at...
Directory traversal
Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) ContactPlus and (2) Reviews modules, and (3) the modulename parameter to...
CVE-2008-5000
CVE-2008-5000 is an SQL injection vulnerability in PHPX 3.5.16, exploitable when magic_quotes_gpc is disabled. The flaw resides in admin/includes/news.inc.php, allowing remote attackers to inject arbitrary SQL via the news_id parameter (uppercase input). Multiple sources reference this PHPX issue...
CVE-2008-5000
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter...
CVE-2006-5291
PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PH...
CVE-2006-5291
The vulnerability CVE-2006-5291 affects Download-Engine 1.4.2 through a PHP remote file inclusion in admin/includes/spaw/spaw_control.class.php, exploitable via a URL in the spaw_root parameter to execute arbitrary PHP code on the server. The issue is noted as potentially in the third-party SPAW ...
CVE-2006-0697
Zen Cart before 1.2.7 is affected by CVE-2006-0697 due to insufficient protection of the admin/includes directory. The vulnerability, described in the NVD entry, allows remote attackers to trigger unknown impact via unspecified vectors (likely direct requests) with a CVSS v2 base score of 10.0 (H...
CVE-2005-3997
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.ph...