60 matches found
CVE-2018-6397
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter...
Directory traversal
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. A flaw in the template/usererror.missingextension.php allows attackers to inject script through the existing-folder parameter...
FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-15545)
FineCMS is a content management system (CMS) developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the /application/lib/ajax/getimage.php file in FineCMS 2017-07-12 and earlier versions. A remote attacker can exploit the vulnerability to inject...
CVE-2017-5542
Cross-site scripting (XSS) vulnerability in template/usererror.missingextension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in template/usererror.missingextension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter...
OpenXchange User Enumeration
Hi@all, there is an information disclosure in OpenXchange prior to 7.8. An authenticated user can enumerate all imap user folders. If you browse the PoC you get a permission denied error, but the folder’s name is reflected into the page in json format. About Open Xchange: Open-Xchange2 develops,...
Coppermine Photo Gallery Catalog Enumeration Vulnerability
Coppermine Photo Gallery is a web-based album management system. The Coppermine Photo Gallery minibrowser.php script fails to adequately filter the 'folder' parameter, allowing remote attackers to exploit a vulnerability to enumerate directories...
I-Gallery Folder Argument Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp'. An attacker...
Code injection
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to...
Sql injection
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileviewlist action to manageajax.php...
CVE-2014-3246
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileviewlist action to manageajax.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter...
PT-2008-2240 · WordPress · Dmsguestbook
Name of the Vulnerable Software and Affected Versions: DMSGuestbook plugin for WordPress versions 1.7.0 through 1.8.0. Description: A directory traversal issue exists, allowing remote authenticated users to read arbitrary files. This is achieved by using a .. (dot dot) in the folder and file...
DEBIAN-CVE-2005-3559
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter...
CVE-2004-2334
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in...
CVE-2005-2033
Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter...
I-Gallery - Folder Argument Cross-Site Scripting
I-Gallery - Folder Argument Cross-Site Scripting source: https://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp...