Lucene search

5 matches found

Cvelist
added 2015/01/05 8:0 p.m., 30 views

CVE-2014-8084

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action...

AI score: 7, EPSS: 0.03249
Exploits: 2, References: 6
CVE
added 2015/01/05 8:0 p.m., 57 views

CVE-2014-8084

OSClass before 3.4.3 is affected by CVE-2014-8084, a local file inclusion in the ajax.php controller (custom action). The flaw stems from unsanitized input passed via the ajaxfile/route mechanism, which is used to determine the file to require, allowing an attacker to include and execute arbitrar...

CVSS: 7.5, AI score: 7.2, EPSS: 0.03249
Exploits: 2, References: 6, Affected Software: 1
securityvulns
added 2015/01/02 12:0 a.m., 81 views

[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability

Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability - Software Link: http://osclass.org/ - Affected Versions: Version 3.4.2 and probably prior versions. -...

CVSS: 7.5, AI score: 7, EPSS: 0.03249
Exploits: 2
0day.today
added 2015/01/01 12:0 a.m., 60 views

Osclass 3.4.2 Local File Inclusion Vulnerability

Osclass versions 3.4.2 and below suffer from a local file inclusion vulnerability. Osclass getRoutes; $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) $file =...

CVSS: 7.5, AI score: 6.3, EPSS: 0.03249
Exploits: 2
Packet Storm
added 2014/12/31 12:0 a.m., 59 views

Osclass 3.4.2 Local File Inclusion

Osclass getRoutes; $rid = Params::getParam('route'); $file = '../'; if (isset($routes[$rid]) && isset($routes[$rid]['file'])) $file = $routes[$rid]['file']; else // DEPRECATED: Disclosed path in URL is deprecated, use...

CVSS: 7.5, AI score: 6.7, EPSS: 0.03249
Exploits: 2