889 matches found

Friends Of PHP
added 2018/04/26 7:38 p.m. | 25 views

Trusted-Directory Bypass via Path Traversal

Smarty Trusted-Directory Bypass via Path Traversal Vulnerability Overview Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security...

CVSS 7.5 | AI score 8.6 | EPSS 0.03463
Exploits: 1 | Affected Software: 1
0day.today
added 2018/04/24 12:0 a.m. | 41 views

Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure Exploit

Exploit for php platform in category web applications -- coding: utf-8 -- Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump Vendor Notification: 03-03-2018 - No response Initial CVE: 04-04-2018 Disclosure: 21-04-2018 Exploit Author: Berk Cem Göksel Contact: twitter.com/berkcgoksel ||...

AI score 9.3 | EPSS 0.13728
Exploits: 4
CVE
added 2018/04/22 1:0 p.m. | 58 views

CVE-2018-10286

The CVE-2018-10286 case involves Ericsson-LG iPECS NMS A.1Ac Web App. It discloses sensitive data (NMS admin credentials and PostgreSQL credentials) to logged-in users via HTTP POST responses. Affected component: web application; root cause: credentials exposed in responses to authenticated reque...

CVSS 8.8 | AI score 8.9 | EPSS 0.06727
Exploits: 4 | References: 2 | Affected Software: 1
exploitpack
added 2018/04/06 12:0 a.m. | 66 views

DotNetNuke DNNarticle Module 11 - Directory Traversal

DotNetNuke DNNarticle Module 11 - Directory Traversal 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information...

CVSS 5 | AI score 9.7 | EPSS 0.50244
Exploits: 5
Exploit DB
added 2018/04/06 12:0 a.m. | 62 views

DotNetNuke DNNarticle Module 11 - Directory Traversal

Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information OVE-ID: CVE-2018-9126. 03. Introduction DNN Article is...

CVSS 9.8 | AI score 9.7 | EPSS 0.50244
Exploits: 5
ATTACKERKB
added 2018/04/04 7:29 p.m. | 3 views

CVE-2018-9126

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

CVSS 9.8 | AI score 5.6 | EPSS 0.50244
Exploits: 5 | References: 3
OSV
added 2018/04/04 7:29 p.m. | 2 views

CVE-2018-9126

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

CVSS 9.8 | AI score 5.8 | EPSS 0.50244
Exploits: 5 | References: 2
Prion
added 2018/04/04 7:29 p.m. | 16 views

Code injection

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

CVSS 5 | AI score 9.3 | EPSS 0.50244
Exploits: 5 | References: 2 | Affected Software: 1
NVD
added 2018/04/04 7:29 p.m. | 20 views

CVE-2018-9126

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

CVSS 9.8 | AI score 9.3 | EPSS 0.50244
Exploits: 5 | References: 2
CVE
added 2018/04/04 7:0 p.m. | 105 views

CVE-2018-9126

CVE-2018-9126 affects the DNNArticle module 11 for DotNetNuke. The vulnerability allows remote attackers to read the web.config via the URI /GetCSS.ashx/?CP=%2fweb.config, exposing database credentials and other config data. Exploit references exist (Exploit-DB, PacketStorm), confirming in-the-wi...

CVSS 9.8 | AI score 9.3 | EPSS 0.50244
Exploits: 5 | References: 2 | Affected Software: 1
0day.today
added 2018/04/02 12:0 a.m. | 61 views

DotNetNuke DNNarticle Directory Traversal Vulnerability

Exploit for asp platform in category web applications 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian 02. Vulnerability Information OVE-ID: CVE-2018-912...

AI score 9.2 | EPSS 0.50244
Exploits: 5
Packet Storm
added 2018/03/31 12:0 a.m. | 56 views

DotNetNuke DNNarticle Directory Traversal

Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information OVE-ID: CVE-2018-9126. 03. Introduction DNN Article is...

AI score 9.2 | EPSS 0.50244
Exploits: 5
CNVD
added 2018/03/08 12:0 a.m. | 1 view

Giribaz File Manager Information Disclosure Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on PHP and MySQL servers. Giribaz File Manager is one of its file management plugins. A security vulnerability exists in the...

CVSS 7.5 | AI score 6.3 | EPSS 0.02872
Exploits: 1 | References: 1
NVD
added 2018/03/07 8:29 p.m. | 12 views

CVE-2018-7204

inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and...

CVSS 7.5 | AI score 7.6 | EPSS 0.02872
Exploits: 1 | References: 3
Cvelist
added 2018/03/07 8:0 p.m. | 17 views

CVE-2018-7204

inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and...

AI score 7.6 | EPSS 0.02872
Exploits: 1 | References: 3
0day.today
added 2018/02/26 12:0 a.m. | 52 views

CMS Made Simple 2.1.6 Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Versio...

EPSS 0.13252
Exploits: 5
CNVD
added 2018/02/01 12:0 a.m. | 3 views

BMC Track-It! Information Disclosure Vulnerability

BMC Track-It! is a fully integrated IT helpdesk and asset management solution for small and medium-sized businesses from BMC Software, USA. The solution provides work order tracking, change management, process automation, asset inventory and asset management. A security vulnerability exists in...

CVSS 9.8 | AI score 6.8 | EPSS 0.1254
Exploits: 4 | References: 1
Prion
added 2018/01/30 8:29 p.m. | 13 views

Design/Logic Flaw

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...

CVSS 7.5 | AI score 7.3 | EPSS 0.1254
Exploits: 4 | References: 4 | Affected Software: 1
Cvelist
added 2018/01/30 8:0 p.m. | 19 views

CVE-2016-6599

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...

AI score 9.6 | EPSS 0.1254
Exploits: 4 | References: 4
OSV
added 2018/01/23 7:29 p.m. | 2 views

CVE-2018-5749

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the 1 databaseserver, 2...

CVSS 9.8 | AI score 6.1 | EPSS 0.02525
Exploits: 1 | References: 1