CVE-2015-0933

Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openinany setting is omitted, allows remote authenticated users to read arbitrary files via a \include command...

CVE-2015-0933

CVE-2015-0933 is a path traversal defect in ShareLaTeX 0.1.3 and earlier where omitting the openin_any setting lets remote authenticated users read arbitrary files via the \include{} command. Affected component: the ShareLaTeX server before 0.1.3. Root cause: inadequate input/path handling allowi...

Webshop Hun 1.062S Directory Traversal

Webshop hun v1.062S Directory Traversal Security Vulnerabilities Exploit Title: Webshop hun v1.062S /index.php &mappa Parameter Directory Traversal Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version: v1.062S Advisory Publication: Mar 04,...

Seagate Business NAS - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class MetasploitModule 'Seagate Business NAS Unauthenticated Remote Command Execution', 'Description' = %q Some Seagate Busine...

Seagate Business NAS Unauthenticated Remote Command Execution

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...

Seagate Business NAS <= 2014.00319 - Pre-Authentication Remote Code Execution (0day)

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...

noVNC 'include/webutil.js' session hijacking vulnerability

NOVNC is a VNC client , using HTML 5 WebSockets, Canvas and JavaScript technology . A session hijacking vulnerability exists in noVNC 'include/webutil.js', which allows attackers to exploit the vulnerability to gain unauthorized access to the application...

New CMS 2.1 Local File Inclusion

=============================================== + TITLE : NEW CMS Local File Inclusion Vulnerability /proc/self/environ + VENDOR : http://new-cms.org/index.php?lng=it&mod=download&pg=indice + VERSION : 2.1 or Later + AUTHOR : R3vanBastard + TESTED ON : Windows + DORK : "New CMS"...

Program-O v2.4.6 - Multiple Web Vulnerabilities

Document Title: =============== Program-O v2.4.6 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1414 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 1414 Commo...

Program-O v2.4.6 - Multiple Web Vulnerabilities

Document Title: =============== Program-O v2.4.6 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1414 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 1414 Commo...

File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: ============= 2015-01-15 Vulnerability Laboratory ID VL-ID: ==================================== 1403...

Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...

Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities

Document Title: =============== Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1407 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ====================================...

Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities

Document Title: =============== Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1407 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ====================================...

File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: ============= 2015-01-15 Vulnerability Laboratory ID VL-ID: ==================================== 1403...

Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...

DzzOffice 1.2.2 /index.php 本地文件包含漏洞

Index.php$dzz = C::app; $mod = getgpc'mod'; $mod = !empty$mod ? $mod : ''; $op = !empty$GET'op' ? $GET'op' : 'index'; $cachelist = array; $dzz-cachelist = $cachelist; $dzz-init; //调用各自的模块 ifempty$mod if$G'uid'1 && $G'setting''loginset''available' @header"Location: user.php?mod=logging"; exit;...

Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities

Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability...

Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...

Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...