25 matches found
EUVD-2021-28610
Malicious code in bioql PyPI...
Arbitrary File Write
Overview Versions of iobroker.controller prior to 2.0.25 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended /adapter/ folder, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to...
CVE-2017-9067
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...
CVE-2016-9976
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252...
PAJAX Remote Command Execution
No description provided by source. $Id: pajaxremoteexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Xataface WebAuction and Xataface Librarian DB - Multiple Vulnerabilities
Title : Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities. Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://xataface.com/ Advisory : http://secpod.org/blog/?p=350 http://secpod.org/advisories/SECPODXatafaceWebauctionMultVuln.txt Software : Xataface...
eFront 3.6.9 Build 10653 Local File Inclusion
------------------------------------------------------------------------ Software................eFront 3.6.9 build 10653 Vulnerability...........Local File Inclusion Threat Level............Critical 4/5 Download................http://www.efrontlearning.net/ Discovery Date..........5/12/2011 Test...
CVE-2009-2263
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathnam...
CVE-2008-6825
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. dot dot in the langChoice parameter...
CVE-2009-0722
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. dot dot in the user cookie parameter...
CVE-2008-5171
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 DB, 2 lang, and 3 skin parameters...
FubarForum 1.5 - 'index.php' Local File Inclusion
Name : FubarForum v1.5 Local File Inclusion Vulnerability Author : cOndemned Dork : for ex. "Powered by FubarForum v1.5" Greetz : TBH, GregStar, ZaBeaTy, irk4z, Hawk, Sandtalker & Avantura ; Source : // index.php 5. if !empty$GET'page' $page = $GET'page'; // ---- $page is being sended using GET...
Directory traversal
Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. dot dot in the outconfig parameter...
Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vuln
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV80$2007 ----------------------------------------------------------------------------------------- ECHOADV80$2007 Softerra Time-Assistant = 6.2 incdir Remote File Inclusion...
CVE-2006-4579
Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. dot dot in the language parameter...
CVE-2006-5834
Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. dot dot sequence in the sLanguage Cookie parameter...
DeluxeBB 1.06 - 'templatefolder' Remote File Inclusion
Secunia Research has discovered some vulnerabilities in DeluxeBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. 1 Input passed to the "templatefolder" parameter in various scripts isn't properly verified, before it is used to inclu...
DeluxeBB 1.06 - templatefolder Remote File Inclusion
DeluxeBB 1.06 - templatefolder Remote File Inclusion Secunia Research has discovered some vulnerabilities in DeluxeBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. 1 Input passed to the "templatefolder" parameter in various script...
CVE-2006-2156
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. dot dot sequences in the helpfile parameter...
Code injection
config/configinc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SGHOME parameter...