42 matches found
PT-2024-40173 · Unknown · Camaleon Cms
Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: The issue concerns a path traversal vulnerability in the MediaController class. An attacker who has taken over an administrator account could potentially delete arbitrary files or...
SourceCodester Zipped Folder Manager App Code Issue Vulnerability
SourceCodester Zipped Folder Manager App is an open source zipped folder manager application from SourceCodester. A code issue vulnerability exists in version 1.0 of the SourceCodester Zipped Folder Manager App that stems from improper handling of the parameter folder, resulting in unrestricted...
PT-2024-15775 · Unknown · Miczflor Rpi-Jukebox-Rfid
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.5.0 Description: A critical issue affects some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc...
SUSE CVE-2005-3559
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter...
Path Traversal Vulnerability in Joomla! (CNVD-2020-75069)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A path traversal vulnerability exists in Joomla! 2.5.0 - 3.9.22. The vulnerabilit...
CVE-2020-35612
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of modrandomimage lacked input validation, leading to a path traversal vulnerability...
Path traversal
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of modrandomimage lacked input validation, leading to a path traversal vulnerability...
Directory traversal
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory...
CVE-2018-12314
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters...
Cross site scripting
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...
OpenXchange User Enumeration
Hi@all, there is an information disclosure in OpenXchange prior to 7.8. An authenticated user can enumerate all imap user folders. If you browse the PoC you get a permission denied error, but the folder’s name is reflected into the page in json format. About Open Xchange: Open-Xchange2 develops,...
Coppermine Photo Gallery Catalog Enumeration Vulnerability
Coppermine Photo Gallery is a web-based album management system. The Coppermine Photo Gallery minibrowser.php script fails to adequately filter the 'folder' parameter, allowing remote attackers to exploit a vulnerability to enumerate directories...
I-Gallery Folder Argument Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp'. An attacker...
Code injection
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to...
CVE-2014-3246
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileviewlist action to manageajax.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter...
PT-2008-2240 · WordPress · Dmsguestbook
Name of the Vulnerable Software and Affected Versions: DMSGuestbook plugin for WordPress versions 1.7.0 through 1.8.0 Description: A directory traversal issue exists, allowing remote authenticated users to read arbitrary files. This is achieved by using a .. (dot dot) in the folder and file...
DEBIAN-CVE-2005-3559
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter...
CVE-2004-2334
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in...