WordPress MaxSlider Plugin <= 1.2.3 is vulnerable to Local File Inclusion

Software MaxSlider Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-47351 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID f9c913e9044c Credits João Pedro S Alcântara Kinorth Required privileg...

CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability

Summary A local file inclusion LFI vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...

Joomla SIGE 3.4.1-FREE / 3.5.3-PRO RFI / Cross Site Scripting

Title: SIGE - Simple Image Gallery Extended joomla extension 3.4.1-FREE / 3.5.3-PRO - Multi Vulnerability Remote File Inclusion RFI & Cross Site Scripting XSS date: 2020-11-11 Vendor Homepage: https://kubik-rubik.de/ Software Link: https://kubik-rubik.de/sige-simple-image-gallery-extended Softwar...

WordPress Diarise 1.5.9 Local File Disclosure

Local File Disclosure in wordpress theme Diarise + Date: 07/05/2019 + CWE Number: CWE-98 + Risk: High + Author: Felipe Andrian Peixoto + Dork: inurl:"wp-content/themes/diarise/" + Vendor Homepage: https://woocommerce.com/?aff=1790 + Contact: [email protected] + Tested on: Windows 7 and...

Local file inclusion through transformation feature

PMASA-2018-6 Announcement-ID: PMASA-2018-6 Date: 2018-12-07 Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration...

WordPress sermon-shortcodes 1.0 Arbitrary File Download

Exploit Title : WordPress sermon-shortcodes 1.0 Plugins Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 27/11/2018 Vendor Homepage : wordpress.org sermonmanager.pro...

WordPress hwm_board 1.0 Arbitrary File Disclosure

Exploit Title : WordPress hwmboard 1.0 Plugins Korea Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 28/11/2018 Vendor Homepage : wordpress.org Tested On : Windows and Linux Category : WebApps Version Information : All Current...

Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure

Advisory Information Title: Trend Micro Smart Protection Server Multiple Vulnerabilities Advisory ID: CORE-2017-0008 Advisory URL: http://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities Date published: 2017-12-19 Date of last update: 2017-12-11...

Wireless Repeater BE126 - Local File Inclusion

Exploit Title: WIFI Repeater BE126 – Local File Inclusion Date Publish: 23/08/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Tested on: Windows/Ubuntu 16.04 CVE: CVE-2017-8770 1 -...

osCommerce 2.3.4 Local File Inclusion / Cross Site Request Forgery

Advisory ID: HTB23284 Product: osCommerce Vendor: osCommerce Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Public Disclosure: February 17, 2016 Vulnerability Type: PHP Fi...

Zen Cart 1.5.4 - Local File Inclusion

Zen Cart 1.5.4 - Local File Inclusion Advisory ID: HTB23282 Product: Zen Cart Vendor: Zen Ventures, LLC Vulnerable Versions: 1.5.4 Tested Version: 1.5.4 Advisory Publication: November 25, 2015 without technical details Vendor Notification: November 25, 2015 Vendor Patch: November 26, 2015 Public...

Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion

Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...

Joomla! Component com_docman - Multiple Vulnerabilities

Joomla! Component comdocman - Multiple Vulnerabilities Joomla docman Component 'comdocman' Full Path DisclosureFPD & Local File Disclosure/IncludeLFD/LFI CWE: CWE-200FPD CWE-98LFI/LFD Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 13/07/2015 Vendor Homepage:...

Joomla Docman Path Disclosure / Local File Inclusion Vulnerabilities

Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities. Joomla docman Component 'comdocman' Full Path DisclosureFPD & Local File Disclosure/IncludeLFD/LFI CWE: CWE-200FPD CWE-98LFI/LFD Risk: High Author: Hugo Santiago dos Santos Contact: email protected Date:...

Joomla Docman Path Disclosure / Local File Inclusion

Joomla docman Component 'comdocman' Full Path DisclosureFPD & Local File Disclosure/IncludeLFD/LFI CWE: CWE-200FPD CWE-98LFI/LFD Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 13/07/2015 Vendor Homepage:...

ResourceSpace 7.1.6513 Local File Inclusion Vulnerability

ResourceSpace version 7.1.6513 suffers from a local file inclusion vulnerability. Product: ResourceSpace Vendor: Montala Limited Vulnerable Versions: 7.1.6513 and probably prior Tested Version: 7.1.6513 Advisory Publication: May 6, 2015 without technical details Vendor Notification: May 6, 2015...

ResourceSpace 7.1.6513 Local File Inclusion

Advisory ID: HTB23258 Product: ResourceSpace Vendor: Montala Limited Vulnerable Versions: 7.1.6513 and probably prior Tested Version: 7.1.6513 Advisory Publication: May 6, 2015 without technical details Vendor Notification: May 6, 2015 Vendor Patch: June 1, 2015 Public Disclosure: June 3, 2015...

WordPress Download Manager Arbitrary File Download

WordPress Download Manager Plugin - Arbitrary File Download CWE: CWE-98 Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 25/10/2014 Vendor Homepage: https://wordpress.org/plugins/download-manager/ Tested on: Windows 7 and Gnu/Linux Google Dork:...

Joomla component com_universal Remote File Inclusion Vulnerability exploit

No description provided by source. Joomla component comuniversal = Remote File Inclusion Vulnerability exploit +Software: Joomla component comuniversal UWCMS Universal Web CMS +Version: 1.0.0 +License: http://www.gnu.org/copyleft/gpl.html GNU/GPL +Source: http://uwcms.sourceforge.net +CWE ID : 98...