2593 matches found
Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion
Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities. id: CVE-2018-8727 info: name: Mirasys DVMS Workstation =5.12.7 to mitigate the LFI vulnerability. reference: -...
Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion
Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. id: CVE-2018-13980 info: name: Zeta Producer Desktop CMS 14.2.1 - Local File Inclusion author...
Directorist < 7.5.4 - Local File Inclusion
Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files. id: CVE-2023-2252 info: name: Directorist 7.5.4 - Local File Inclusion author: r3Y3r53 severity: low description: | Directorist before 7.5.4 is susceptible to Local...
Mlflow <2.3.0 - Local File Inclusion
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. id: CVE-2023-2356 info: name: Mlflow 2.3.0 - Local File Inclusion author: Co5mos severity: high description: | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. impact: | Successful exploitation...
Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion
A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...
Joomla! Cmimarketplace 0.1 - Local File Inclusion
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because comcmimarketplace allows remote attackers to list arbitrary directories via a .. dot dot in the viewit parameter to index.php. id: CVE-2009-1496 info: name: Joomla! Cmimarketplace 0.1 - Local File Inclusion author: daffainf...
PrestaShop tshirtecommerce - Directory Traversal
The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27640 info: name: PrestaShop tshirtecommerce...
Mlflow <2.3.1 - Local File Inclusion Bypass
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. id: CVE-2023-2780 info: name: Mlflow 2.3.1 - Local File Inclusion Bypass author: iamnoooob,pdresearch severity: critical description: | Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1...
ManageEngine Firewall Analyzer <8.0 - Local File Inclusion
ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion. id: CVE-2015-7780 info: name: ManageEngine Firewall Analyzer 8.0 - Local File Inclusion author: daffainfo severity: medium description: ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion...
WordPress Slider Revolution - Local File Disclosure
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. id:...
Bonita BPM Portal <6.5.3 - Local File Inclusion
Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. id: CVE-2015-3897 info: name: Bonita BPM Portal 6.5.3 - Local File Inclusion author: 0xAkoko severity:...
WordPress MyPixs <=0.3 - Local File Inclusion
WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. id: CVE-2015-1000012 info: name: WordPress MyPixs =0.4 or apply the vendor-provided patch to fix the LFI vulnerability. reference: - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 -...
Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via comimagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. dot dot in the folder parameter to index.php. id: CVE-2008-4668 info: name: Joomla! Image Browser 0.1.5 rc2 - Local...
CMSimple 3.1 - Local File Inclusion
CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when registerglobals is enabled which allows remote attackers to include and execute arbitrary local files via a .. dot dot in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including...
WordPress Sniplets 1.1.2 - Local File Inclusion
PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. id: CVE-2008-1059 info: name: WordPress Sniplets 1.1.2 - Local File Inclusion autho...
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 id: CVE-2013-5528 info: name:...
EasySpider 0.6.2 - Arbitrary File Read
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...
Joomla! Component com_rokdownloads - Local File Inclusion
A directory traversal vulnerability in the RokDownloads comrokdownloads component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1056 info: name: Joomla! Component comrokdownload...
VMware - Local File Inclusion
VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access withou...
TermTalk Server 3.24.0.2 - Local File Inclusion
TermTalk Server TTServer 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve. id: CVE-2021-35380 info: name: TermTalk Server 3.24.0.2 - Local File...