Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter. id: CVE-2017-15363 info: name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local...

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

Ericsson Drutt MSDP - Local File Inclusion

Ericsson Drutt Mobile Service Delivery Platform MSDP 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the default URI in the Instance Monitor. id: CVE-2015-2166 info: name: Ericsson Drutt MSDP - Local File Inclusion author: daffainfo severity: mediu...

PHPGurukul Hospital Management System - Cross-Site Scripting

PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-5191 info: name: PHPGurukul Hospital Management System -...

FUDForum 3.1.0 - Cross-Site Scripting

FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter. id: CVE-2021-27519 info: name: FUDForum 3.1.0 - Cross-Site Scripting author: kh4sh3i severity: medium description: | FUDForum 3.1.0 contains a...

Apache Struts - Multiple Open Redirection Vulnerabilities

Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. id: CVE-2013-2248 info: name: Apache Struts - Multiple Open Redirection Vulnerabilities author: 0xAkoko severity: medium description: Apache Struts is prone ...

Joomla! Component RWCards 3.0.11 - Local File Inclusion

A directory traversal vulnerability in captcha/captchaimage.php in the RWCards comrwcards 3.0.11 component for Joomla! when magicquotesgpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. id: CVE-2008-6172 inf...

FiberHome Routers - Local File Inclusion

FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. id: CVE-2017-15647 info: name: FiberHome Routers - Local File Inclusion author: daffainfo severity: high description: FiberHome routers are...

SonicWall SonicOS 7.0 - Open Redirect

SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations...

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting

PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...

Joomla! Component Address Book 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the AddressBook comaddressbook component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1471 info: name: Joomla! Component Address Book 1.5.0 - Local File Inclusion...

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktopurl. id: CVE-2019-14974 info: name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting author: madrobot severity: medium description: SugarCRM Enterprise 9.0.0 contains a...

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. id: CVE-2018-20010 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version 4.11.01 is...

Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion

In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...

Aptana Jaxer 1.0.3.4547 - Local File inclusion

Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. id: CVE-2019-14312 info: name: Aptana Jaxer 1.0.3.4547 - Local File inclusion author: daffainfo...

Joomla! Component Online Exam 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the Online Examination aka Online Exam or comonlineexam component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1715 info: name: Joomla! Component Online Exam 1.5.0 -...

Joomla! Component Fabrik 2.0 - Local File Inclusion

A directory traversal vulnerability in the Fabrik comfabrik component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1981 info: name: Joomla! Component Fabrik 2.0 - Local File Inclusion author: daffainfo...

Joomla! Component JotLoader 2.2.1 - Local File Inclusion

A directory traversal vulnerability in the JotLoader comjotloader component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. id: CVE-2010-4617 info: name: Joomla! Component JotLoader 2.2.1 - Local File...

Joomla! Component com_rokdownloads - Local File Inclusion

A directory traversal vulnerability in the RokDownloads comrokdownloads component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1056 info: name: Joomla! Component comrokdownload...

Joomla! Component com_biblestudy - Local File Inclusion

A directory traversal vulnerability in the Bible Study combiblestudy component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter in a studieslist action to index.php. id: CVE-2010-0157 info: name: Joomla! Component...