23 matches found
PT-2023-8658 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Better PDF Exporter for Jira Server and Jira Data Center versions 10.3.0 and before Description: The issue is related to insufficient server-side request validation in the Better PDF Exporter plugin for Atlassian Jira Server and Data Center...
Milesight UR32L Path Traversal Vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L suffers from a directory traversal vulnerability that can be exploited by an attacker to view arbitrary files on the system by sending a specially crafted URL request containing a "dot dot" sequence /.../. /...
CVE-2023-0156
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...
CVE-2020-18127
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files...
Design/Logic Flaw
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files...
WebP Express <= 0.14.10 - Multiple Issues
- Arbitrary File Viewing - CSRF - XSS including https://wpvulndb.com/vulnerabilities/9389 - Unauthorised Access...
CVE-2018-12306
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344...
WordPress Awesome Support plugin <= 4.3.1 - Authenticated Arbitrary File Viewing Vulnerability
WordPress Awesome Support plugin Authenticated Arbitrary File Viewing Vulnerability exists in the function wpas_tools_log_viewer_view accessible through WordPress’ AJAX functionality in the file /includes/admin/functions-log-viewer.php: Solution Update the plugin...
WordPress WP Post Popup Plugin <= 2.0.0 - Arbitrary File Viewing Vulnerability
Arbitrary File Viewing Vulnerability could be used to view any file on the site. In the file /public/includes/proxy.php, it passes $_GET input to the file_get_contents function. Solution Update the plugin...
IBM Tivoli / Security Directory Server Remote Arbitrary File Viewing Vulnerability
IBM Security Directory Server (ISDS, formerly IBM Tivoli Directory Server, ITDS) is a suite of enterprise identity management software from IBM in the United States that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for...
ChangshinSoft EZTrans Server Download.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8155/info It has been reported that a problem in ChangshinSoft ezTrans Server exists in the download.php script that may allow an attacker to view arbitrary files. This may result in the disclosure of potentially sensitiv...
Tarantella Enterprise 3 3.x TTAWebTop.CGI Arbitrary File Viewing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. ttawebtop.cgi is a CGI script...
Microsoft IIS 4.0 showcode.asp Sample Script Arbitrary File Content Viewing Vulnerability
No description provided by source...
fuzzylime (cms) commsrss.php files[] Parameter Traversal Local File Inclusion
The remote host is running fuzzylime (cms), a PHP-based content management system. The version of fuzzylime (cms) installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion
The remote host is running Limbo CMS, a content-management system written in PHP. The version of Limbo CMS installed on the remote host fails to sanitize user-supplied input to the 'classes_dir' parameter of the 'classes/adodbt/sql.php' script before using it in PHP 'include_once' functions. Provid...
Mambo Open Source Multiple Vulnerabilities
The remote installation of Mambo Open Source fails to sanitize input to the 'mos_user_template' cookie before using it to include PHP code from a local file. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the affected host. ...
CVE-2003-1166
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter...
Tarantella Enterprise 3 3.x - TTAWebTop.cgi Arbitrary File Viewing
source: https://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions...
Tarantella Enterprise 3 3.x - 'TTAWebTop.cgi' Arbitrary File Viewing
source: https://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. ttawebtop.cgi is a CGI script included with the Tarantella,...