819 matches found
FlightPath - Local File Inclusion
FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion. id: CVE-2019-13396 info: name: FlightPath - Local File Inclusion author: 0xAkoko,daffainfo severity: medium description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion...
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...
AudioCodes 420HD - Remote Code Execution
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution. id: CVE-2018-10093 info: name: AudioCodes 420HD - Remote Code Execution author: wisnupramoedya severity: high description: | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow...
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree. id: CVE-2017-1000170 info: name: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion author: dwisiswant0 severity: high...
SolarView Compact <= 6.00 - Local File Inclusion
There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php id: CVE-2023-29919 info: name: SolarView Compact = 6.00 - Local File Inclusion author: For3stCo1d severity: critical description: | There is ...
FUEL CMS 1.4.1 - Remote Code Execution
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. id: CVE-2018-16763 info: name: FUEL CMS 1.4.1 - Remote Code Execution author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/...
LogonTracer <=1.2.0 - Remote Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. id: CVE-2018-16167 info: name: LogonTracer =1.2.0 - Remote Command Injection author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execu...
SolarView Compact 6.00 - OS Command Injection
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via confmail.php. id: CVE-2022-29303 info: name: SolarView Compact 6.00 - OS Command Injection author: badboycxcc severity: critical description: | SolarView Compact 6.00 was discovered to contain a command injecti...
Apache Struts2 S2-008 RCE
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. id: CVE-2012-0392 info: name: Apache...
Axigen Mail Server Filename Directory Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...
PrismaWEB - Credentials Disclosure
PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the loginpar.j...
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter. id: CVE-2018-16283 info: name: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion author: 0x240x23elu severity: critical description: WordPress Wechat Broadcast plugin 1.2.0...
Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. dot dot in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP...
Responsive filemanager 9.13.1 Server-Side Request Forgery
Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter. id: CVE-2018-14728 info: name: Responsive filemanager 9.13.1 Server-Side Request Forgery author: madrobot severity: critical description: Responsive filemanager 9.13.1 is susceptible t...
Rails File Content Disclosure
Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...
Oracle Business Intelligence/XML Publisher - XML External Entity Injection
Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack. id: CVE-2019-2616 info: name: Oracle Business Intelligence/XML Publisher - XML External Entity Injection author: pdteam severity: high description: Oracle...
Webmin <1.997 - Authenticated Remote Code Execution
Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a...
eMerge E3 1.00-06 - Remote Code Execution
Linear eMerge E3-Series devices are susceptible to remote code execution vulnerabilities. id: CVE-2019-7256 info: name: eMerge E3 1.00-06 - Remote Code Execution author: pikpikcu severity: critical description: | Linear eMerge E3-Series devices are susceptible to remote code execution...
Drupal SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...
Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.
Summary Multiple Vulnerabilities found in EDB PGAI products - 1 EDB PGAI AI Factory with IBM 1.3.0, 2 EDB PGAI Analytics Accelerator 1.3.0, and 3 EDB PGAI Hybrid Data Management 1.3.0. The vulnerabilities have been addressed in 1.3.4 version. Hence, IBM strongly recommends upgrading to 1.3.4...