CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

Epignosis eFront Code Execution Vulnerability

Epignosis eFront is an online learning system with an Ajax interface from Epignosis USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A code execution vulnerability exists in the globals.php page in eFront version 3.6.1...

wagora-disclose.txt

netVigilance Security Advisory 15 w-agora version 4.2.1 Information Disclosure Vulnerability Description: w-agora is a set of scripts written in PHP. This package is intended to allow users to share, exchange and publish information, files and discussions over the web. It is possible to disclose...