11 matches found
EUVD-2009-1149
Malware in sbrugna...
EUVD-2015-9080
Malware in sbrugna...
SUSE CVE-2009-1148
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable)...
CVE-2018-13290
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter...
CVE-2018-13290
Synology SRM 1.1.x is affected by CVE-2018-13290 (Information exposure via SYNO.Core.ACL). Affected: Synology Router Manager (SRM) before 1.1.7-6941-2. Issue: remote authenticated users can determine file existence or access sensitive file information via the file_path parameter. CVSS metrics ind...
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter...
CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter...
CVE-2018-13281
The CVE-2018-13281 entry affects Synology DiskStation Manager (DSM) prior to 6.2-23739-2, specifically the SYNO.Core.ACL component. The vulnerability allows remote authenticated users to determine the existence of files and obtain their metadata via the file_path parameter, constituting an inform...
AlegroCart Arbitrary Code Execution Vulnerability
AlegroCart is an open source online business solution from the Canadian ALEGROCART team. AlegroCart version 1.2.8 has a remote file inclusion vulnerability in the 'getfile' function of the upload/admin2/controller/reportlogs.php file, which stems from the program failing to detect the 'filepath'...
phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
The version of phpMyAdmin installed on the remote host fails to sanitize user-supplied input to the 'file_path' parameter of the 'bs_disp_as_mime_type.php' script before using it to read a file and reporting it in dynamically-generated HTML. An unauthenticated, remote attacker may be able to leverage...
CVE-2006-2852
PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php...