41 matches found
Design/Logic Flaw
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...
CVE-2017-10993
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal...
WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities
TheCartPress plugin is prone to multiple vulnerabilities, such as local PHP file inclusion, stored XSS, improper access control and multiple XSS vulnerabilities. Solution Update the plugin...
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor Notification: April 8, 2015 Public Disclosure: April 29, 2015 Vulnerabili...
CVE-2011-0537
Multiple directory traversal vulnerabilities in 1 languages/Language.php and 2 includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors...
Simple PHP Blog <= 0.5.1 Local File Include vulnerability
No description provided by source. ============================================= INTERNET SECURITY AUDITORS ALERT 2009-005 - Original release date: March 2nd, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 CVSS scored...
Invision Power Board Local File Inclusion / SQL Injection
============================================= - Release date: December 4th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL...
Invision Power Board <= 3.0.4 LFI and <=3.0.4 and <=2.3.6 SQL Injection
No description provided by source. ============================================= - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL Injection Invision Power Board = 2.3....
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter to the password reminder page tiki-remindpassword.php, 2 IMG tags in wiki pages, and 3 the localphp parameter to...
Directory traversal
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in 1 errorhandlerfile and 2 localphp parameters to a tiki-index.php, or 3 encoded "..%2F" sequences in the implanguage parameter to...
CVE-2007-5683
Multiple cross-site scripting XSS vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter to the password reminder page tiki-remindpassword.php, 2 IMG tags in wiki pages, and 3 the localphp parameter to...
CVE-2007-5684
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in 1 errorhandlerfile and 2 localphp parameters to a tiki-index.php, or 3 encoded "..%2F" sequences in the implanguage parameter to...
Path traversal
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...
CVE-2007-4820
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...
CVE-2006-2060
Directory traversal vulnerability in actionadmin/paysubscriptions.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. dot dot in the name parameter, preceded by enough backspace %08...
Directory traversal
Directory traversal vulnerability in actionadmin/paysubscriptions.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. dot dot in the name parameter, preceded by enough backspace %08...
[Full-disclosure] GeSHi Local PHP file inclusion 1.0.7.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GeSHi Local PHP file inclusion 1.0.7.2 Author: Maksymilian Arciemowicz cXIb8O3 .17 Date: 21.9.2005 from SECURITYREASON.COM - --- 0.Description --- GeSHi started as a mod for the phpBB forum system, to enable highlighting of more languages than the...
CVE-2005-2686
Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the 1 SITEPath parameter to menudx.php or 2 CONTENTSDir parameter to menusx.php...
SaveWebPortal 3.4 - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/14643/info SaveWebPortal is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Exploitation of this vulnerability could lead to a loss of confidentiality an...
CVE-2004-1601
The CVE-2004-1601 entry concerns CoolPHP 1.0-stable. Affected component: index.php; vulnerability: directory traversal via the op parameter using .. to access arbitrary files and execute local PHP scripts. Root cause: improper input validation leading to path traversal. Exploitation details are n...