Lucene search
K

5166 matches found

CVE
CVE
added 2022/02/21 6:10 p.m.110 views

CVE-2022-22308

IBM Planning Analytics 2.0 (Planning Analytics Workspace 2.0) is affected by a Remote File Include (RFI) issue. Affected component is the web layer where user input can be injected into file include commands, potentially causing the application to include remote files with malicious code. Public ...

7.8CVSS7.7AI score0.00748EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/21 6:10 p.m.29 views

CVE-2022-22308

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include RFI attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891...

7.1CVSS7.6AI score0.00748EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/01 10:56 a.m.50 views

CVE-2022-23602 Nim's rst parser sandboxed mode allows include which can embed any local file

Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum'...

7.7CVSS8.1AI score0.01343EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.9 views

Land Software Faust Iserver 路径遍历漏洞

Land Software Faust Iserver is used by Land Software Germany to bring Faust, Faust Entry and Lidos databases to the Intranet and Internet. A path traversal vulnerability exists in Land Software FAUST iServer versions 9.0.017.017.1- 9.0.018.018.4, which stems from a lack of local include...

7.8CVSS7.3AI score0.26823EPSS
Exploits3References5
0day.today
0day.today
added 2021/08/17 12:0 a.m.299 views

GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE Vulnerabilities

Exploit Title: GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE DynamicDNS Network to find: DIPMAP.COM / GVDIP.COM Exploit Author: Ken 's1ngular1ty' Pyle Vendor Homepage: https://www.geovision.com.tw/cybersecurity.php Version: test HTTP/1.1 Absolute exploitation of the LFI: POST...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/17 12:0 a.m.280 views

GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution

Exploit Title: GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE DynamicDNS Network to find: DIPMAP.COM / GVDIP.COM Date: 6-16-21 Vendor Notified Exploit Author: Ken 's1ngular1ty' Pyle Vendor Homepage: https://www.geovision.com.tw/cybersecurity.php Version: test HTTP/1.1 Absolute exploitation ...

Exploits0
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.6 views

Textpattern 代码问题漏洞

Textpattern is a free open source content management system based on PHP and MySQL. Textpattern has an arbitrary file upload vulnerability. An attacker can use the fileinsert function in include/txpfile.php to upload arbitrary files...

9.8CVSS5.8AI score0.0146EPSS
Exploits1References1
Gitee
Gitee
added 2021/01/24 6:59 p.m.7 views

Exploit for Path Traversal in Intelbras Tip200_Firmware

PoC exploit for CVE-2020-13886, a Local File Include LFI vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the /cgi-bin/cgiServer.exx?page= parameter, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...

5.3CVSS6.6AI score0.05198EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/11/17 12:0 a.m.234 views

Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities

Exploit Title: Joomla Plugin Simple Image Gallery Extended SIGE 3.5.3 - Multiple Vulnerabilities Exploit Author: Vulnerability-Lab Date: 2020-11-11 Vendor Homepage: https://kubik-rubik.de/sige-simple-image-gallery-extended Software Link: https://kubik-rubik.de/sige-simple-image-gallery-extended...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.944 views

SIGE 3.4.1 / 3.5.3 Pro Cross Site Scripting / Remote File Inclusion

Document Title: =============== SIGE Joomla 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2265 Release Date: ============= 2020-11-11 Vulnerability Laboratory ID VL-ID: ====================================...

0.2AI score
Exploits0
NVD
NVD
added 2020/11/12 6:15 p.m.17 views

CVE-2020-7472

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

9.8CVSS9.9AI score0.0307EPSS
Exploits0References2
Prion
Prion
added 2020/11/12 6:15 p.m.16 views

Authorization

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

7.5CVSS9.8AI score0.0307EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/11/12 5:33 p.m.48 views

CVE-2020-7472

This entry documents an unauthenticated remote code execution in SugarCRM via an authorization bypass and PHP local-file-include in the installation component. Affected versions include SugarCRM prior to 8.0, with 8.0 prior to 8.0.7, 9.0 prior to 9.0.4, and 10.0 prior to 10.0.0. The vulnerability...

9.8CVSS9.8AI score0.0307EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/11/12 5:33 p.m.19 views

CVE-2020-7472

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

10AI score0.0307EPSS
Exploits0References2
Vulnerability Lab
Vulnerability Lab
added 2020/11/11 12:0 a.m.46 views

SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities

Document Title: =============== SIGE Joomla 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2265 Release Date: ============= 2020-11-11 Vulnerability Laboratory ID VL-ID: ====================================...

0.7AI score
Exploits0
NVD
NVD
added 2020/04/29 10:15 p.m.22 views

CVE-2020-12479

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

8.8CVSS8.4AI score0.02575EPSS
Exploits1References1
OSV
OSV
added 2020/04/29 10:15 p.m.20 views

CVE-2020-12479

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

8.8CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2020/04/29 10:15 p.m.27 views

Directory traversal

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

6.5CVSS8.4AI score0.02575EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/29 9:49 p.m.21 views

CVE-2020-12479

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...

8.5AI score0.02575EPSS
Exploits1References1
CVE
CVE
added 2020/04/29 9:49 p.m.59 views

CVE-2020-12479

VULNERABILITY SUMMARY: TeamPass 2.1.27.36 is affected by a PHP file include (directory traversal) vulnerability triggered through crafted HTTP requests to sources/users.queries.php with the newValue parameter. The issue allows any authenticated TeamPass user to cause inclusion of arbitrary files,...

8.8CVSS8.3AI score0.02575EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder