phpShowtime 2.0 - Directory Traversal

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via 1 the page parameter to ajax.php or 2 the id parameter to general/pandorahelp.php, and allow remote attackers to include and execute, create, modify, or...

WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...

Joomla! Component JA Comment - Local File Inclusion

A directory traversal vulnerability in the JA Comment comjacomment component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1601 info: name: Joomla! Component JA Comment - Local File Inclusion author: daffainfo severit...

Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion

A directory traversal vulnerability in the TRAVELbook comtravelbook component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1535 info: name: Joomla! Component...

Joomla! Component AWDwall 1.5.4 - Local File Inclusion

A directory traversal vulnerability in the AWDwall comawdwall component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1494 info: name: Joomla! Component AWDwall 1.5.4 - Local File Inclusion author: daffain...

Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion

A directory traversal vulnerability in the JE Form Creator comjeformcr component for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the...

Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion

A directory traversal vulnerability in the Deluxe Blog Factory comblogfactory component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1955 info: name: Joomla! Component Deluxe Blog Factory 1.1.2 - Local Fi...

Joomla! Component Online Market 2.x - Local File Inclusion

A directory traversal vulnerability in the Online Market commarket component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1722 info: name: Joomla! Component Onlin...

Kavita <0.5.4.1 - Server-Side Request Forgery

Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-2756 info: name:...

Viessmann Vitogate 300 - Remote Code Execution

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...

KONGA 0.14.9 - Privilege Escalation

KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...

Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion

A directory traversal vulnerability in the MT Fire Eagle commtfireeagle component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1719 info: name: Joomla! Component ...

WordPress RobotCPA 5 - Directory Traversal

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. id: CVE-2015-9480 info: name: WordPress RobotCPA 5 - Directory Traversal author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...

Casdoor 1.13.0 - Unauthenticated SQL Injection

Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations. id: CVE-2022-24124 info: name: Casdoor 1.13.0 - Unauthenticated SQL Injection...

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

qdPM 9.1 - Cross-site Scripting

qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. impact: | Successful...

WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal

A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the dewfile parameter. id: CVE-2013-7240 info: name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal author...

Joomla! Component Music Manager - Local File Inclusion

A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the cid parameter to album.html. id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local Fil...

rConfig 3.9.4 - Server-Side Request Forgery

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. id: CVE-2023-39110 info: name: rConfig 3.9.4 - Server-Side...

Joomla! Component redSHOP 1.0 - Local File Inclusion

A directory traversal vulnerability in the redSHOP comredshop component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1531 info: name: Joomla! Component redSHOP 1.0 - Local File Inclusion author: daffainfo...