11 matches found
EUVD-2015-9080
Malware in sbrugna...
EUVD-2009-1149
Malware in sbrugna...
SUSE CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...
CVE-2018-13290
Synology SRM 1.1.x is affected by CVE-2018-13290 (Information exposure via SYNO.Core.ACL). Affected: Synology Router Manager (SRM) before 1.1.7-6941-2. Issue: remote authenticated users can determine file existence or access sensitive file information via the file_path parameter. CVSS metrics ind...
CVE-2018-13290
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager DSM before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the filepath parameter...
CVE-2018-13281
The CVE-2018-13281 entry affects Synology DiskStation Manager (DSM) prior to 6.2-23739-2, specifically the SYNO.Core.ACL component. The vulnerability allows remote authenticated users to determine the existence of files and obtain their metadata via the file_path parameter, constituting an inform...
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager DSM before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the filepath parameter...
AlegroCart Arbitrary Code Execution Vulnerability
AlegroCart is an open source online business solution from the Canadian ALEGROCART team. AlegroCart version 1.2.8 has a remote file inclusion vulnerability in the 'getfile' function of the upload/admin2/controller/reportlogs.php file, which stems from the program failing to detect the 'filepath'...
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
The version of phpMyAdmin installed on the remote host fails to sanitize user-supplied input to the 'filepath' parameter of the 'bsdispasmimetype.php' script before using it to read a file and reporting it in dynamically-generated HTML. An unauthenticated, remote attacker may be able to leverage...
CVE-2006-2852
PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the filepath parameter in 1 index.php, 2 feedback.php, and 3 printfriendly.php...