13 matches found
CVE-2023-25606
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-23 in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the...
Geonetwork 4.2.0 - XML External Entity Vulnerability
Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description: GeoNetwork 3.1.x through...
CVE-2022-28213
CVE-2022-28213 concerns SAP BusinessObjects BI Platform (SOAP Web services) where XML input from an untrusted source is insufficiently validated, enabling XML External Entity (XXE) style behavior. Public entries identify affected releases as SAP BusinessObjects BI Platform 4.2/4.3; the issue can ...
Aternity SteelCentral AppInternals Directory Traversal Vulnerability (CNVD-2022-22670)
Aternity SteelCentral AppInternals is a monitoring modern automation solution from Aternity, Inc. A directory traversal vulnerability exists in Aternity SteelCentral AppInternals, which stems from the fact that /api/appInternals/1.0/plugin/pmx does not perform any validation of user input that...
Processwire CMS 2.4.0 Local File Inclusion
Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...
FreeBSD : typo3 -- multiple vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)
Typo3 Team reports: In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. Thi...
CVE-2013-2738
minidlna has SQL Injection that may allow retrieval of arbitrary files...
CVE-2013-2738
minidlna has SQL Injection that may allow retrieval of arbitrary files...
Design/Logic Flaw
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
anaconda clipper 3.3 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2512/info Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks. By including '/../' sequences in requested URLs, an attacker can cause the...
Scry Gallery Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17649/info Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...
Chameleon LE 1.203 - index.php Directory Traversal
Chameleon LE 1.203 - index.php Directory Traversal source: https://www.securityfocus.com/bid/19107/info Chameleon LE is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files fr...
timobraun Dynamic Galerie 1.0 - galerie.php?pfad Arbitrary Directory Listing
timobraun Dynamic Galerie 1.0 - galerie.php?pfad Arbitrary Directory Listing source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to...