Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

WordPress Canto 1.3.0 - Blind Server-Side Request Forgery

WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...

Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. dot dot in the 1 file parameter to document.php or 2 backtopage parameter in a create action to comm/action/fiche.php. id:...

WordPress Site Editor <=1.1.1 - Local File Inclusion

WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php. id: CVE-2018-7422 info: name: WordPress Site Editor =1.1.1 - Local File Inclusion author: LuskaBol,0x240x23elu...

Joomla! Component JProject Manager 1.0 - Local File Inclusion

A directory traversal vulnerability in the Ternaria Informatica JProject Manager comjprojectmanager component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1469 inf...

Joomla! Component SmartSite 1.0.0 - Local File Inclusion

A directory traversal vulnerability in the SmartSite comsmartsite component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1657 info: name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion author:...

Joomla! Component LoginBox - Local File Inclusion

A directory traversal vulnerability in the LoginBox Pro comloginbox component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1353 info: name: Joomla! Component LoginBox - Local File Inclusion author: daffainfo severity...

Joomla! Component JotLoader 2.2.1 - Local File Inclusion

A directory traversal vulnerability in the JotLoader comjotloader component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. id: CVE-2010-4617 info: name: Joomla! Component JotLoader 2.2.1 - Local File...

Joomla! Component Juke Box 1.7 - Local File Inclusion

A directory traversal vulnerability in the JOOFORGE Jutebox comjukebox component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1352 info: name: Joomla! Component Juke Box 1.7 - Local File Inclusion...

MODx manager - Local File Inclusion

A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. dot dot in the classkey parameter when magicquotesgpc is disabled. id: CVE-2010-5278 info: name: MODx manag...

phpShowtime 2.0 - Directory Traversal

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via 1 the page parameter to ajax.php or 2 the id parameter to general/pandorahelp.php, and allow remote attackers to include and execute, create, modify, or...

Joomla! Component SVMap 1.1.1 - Local File Inclusion

A directory traversal vulnerability in the SVMap comsvmap component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1308 info: name: Joomla! Component SVMap 1.1.1 - Local File Inclusion author: daffainfo...

Joomla! Component PicSell 1.0 - Arbitrary File Retrieval

A directory traversal vulnerability in the PicSell compicsell component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the dflink parameter in a prevsell dwnfree action to index.php. id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File...

Joomla! Component Address Book 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the AddressBook comaddressbook component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1471 info: name: Joomla! Component Address Book 1.5.0 - Local File Inclusion...

Joomla! Component NoticeBoard 1.3 - Local File Inclusion

A directory traversal vulnerability in the Code-Garage NoticeBoard comnoticeboard component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1658 info: name: Joomla!...

FiberHome Routers - Local File Inclusion

FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. id: CVE-2017-15647 info: name: FiberHome Routers - Local File Inclusion author: daffainfo severity: high description: FiberHome routers are...

Trixbox - 2.8.0.4 OS Command Injection

Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. id: CVE-2017-14535 info: name: Trixbox - 2.8.0.4 OS Command Injection author: pikpikcu severity: high description: Trixbox 2.8.0.4 is vulnerable to OS command...

WordPress RobotCPA 5 - Directory Traversal

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. id: CVE-2015-9480 info: name: WordPress RobotCPA 5 - Directory Traversal author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

Dompdf < v0.6.0 - Local File Inclusion

A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a...