3 matches found
CVE-2021-41291
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device...
ManageEngine File Download / Content Disclosure / SQL Injection
Hi, This is part 12 of the ManageOwnage series. For previous parts, see 1. This time we have an arbitrary file download, directory content disclosure and blind SQL injection vulnerabilities in ManageEngine OpManager, Applications Manager and IT360. I've pushed two new Metasploit modules into the...
Ultimate PHP Board 1.0 final Beta - viewtopic.php Directory Contents Browsing
Ultimate PHP Board 1.0 final Beta - viewtopic.php Directory Contents Browsing source: https://www.securityfocus.com/bid/6334/info Ultimate PHP Board UPB is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. Under some circumstances, it ma...