JVN#11622218: iChain Insurance Wallet App for iOS vulnerable to directory traversal

iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device...

Config-Model Local Elevation of Privilege Vulnerability

Config-Model aka libconfig-model-perl is an open source tool for validating, migrating or editing configuration files, which can support a variety of user interfaces such as graphical and interactive commands. A security vulnerability exists in the lib/Config/Model.pm file in versions of...

FeiXun enterprise website management system v2011 upload vulnerabilities pass to kill 0day-vulnerability warning-the black bar safety net

Affected version: v2011 Official website: http://www.webhtm.cn PRODUCT DESCRIPTION: Suitable Agent building a Business Site of the enterprise source code, The aspect of the practical! Program description: 1. Features: simplified and Traditional Chinese switch, the product display system, news...

Directory traversal

Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter to 1 languagesn.php, 2 languagesf.php, or 3 languages.php in inc/; and 4 allow remote attackers to read arbitrary...

CVE-2006-2877

PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the includeprefix parameter in 1 inc/dbase.php, 2 inc/config.php, 3 inc/common.php, and 4 inc/function.php. NOTE: it has been reported that the inc directory is...