Lucene search
K

41 matches found

Prion
Prion
added 2019/05/31 10:29 p.m.16 views

Design/Logic Flaw

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...

7.5CVSS9.2AI score0.02791EPSS
Exploits1References2Affected Software2
OSV
OSV
added 2017/07/21 6:29 a.m.23 views

CVE-2017-10993

Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal...

8.8CVSS7.7AI score
Exploits0References1
Patchstack
Patchstack
added 2015/04/29 12:0 a.m.22 views

WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities

TheCartPress plugin is prone to multiple vulnerabilities, such as local PHP file inclusion, stored XSS, improper access control and multiple XSS vulnerabilities. Solution Update the plugin...

4.3CVSS1.7AI score0.06422EPSS
Exploits5References1Affected Software1
Exploit DB
Exploit DB
added 2015/04/29 12:0 a.m.73 views

WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities

Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor Notification: April 8, 2015 Public Disclosure: April 29, 2015 Vulnerabili...

7.5CVSS7.7AI score0.21674EPSS
Exploits8
NVD
NVD
added 2011/02/04 1:0 a.m.17 views

CVE-2011-0537

Multiple directory traversal vulnerabilities in 1 languages/Language.php and 2 includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors...

7.5CVSS7.2AI score0.02922EPSS
Exploits0References8
seebug.org
seebug.org
added 2009/12/22 12:0 a.m.19 views

Simple PHP Blog <= 0.5.1 Local File Include vulnerability

No description provided by source. ============================================= INTERNET SECURITY AUDITORS ALERT 2009-005 - Original release date: March 2nd, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 CVSS scored...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/12/05 12:0 a.m.39 views

Invision Power Board Local File Inclusion / SQL Injection

============================================= - Release date: December 4th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL...

Exploits0
seebug.org
seebug.org
added 2009/12/04 12:0 a.m.26 views

Invision Power Board <= 3.0.4 LFI and <=3.0.4 and <=2.3.6 SQL Injection

No description provided by source. ============================================= - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL Injection Invision Power Board = 2.3....

7.1AI score
Exploits0
Prion
Prion
added 2007/10/26 6:46 p.m.12 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter to the password reminder page tiki-remindpassword.php, 2 IMG tags in wiki pages, and 3 the localphp parameter to...

4.3CVSS6.1AI score0.00885EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2007/10/26 6:46 p.m.17 views

Directory traversal

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in 1 errorhandlerfile and 2 localphp parameters to a tiki-index.php, or 3 encoded "..%2F" sequences in the implanguage parameter to...

7.5CVSS7.7AI score0.03024EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/10/26 6:0 p.m.18 views

CVE-2007-5683

Multiple cross-site scripting XSS vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter to the password reminder page tiki-remindpassword.php, 2 IMG tags in wiki pages, and 3 the localphp parameter to...

5.9AI score0.00885EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/10/26 6:0 p.m.22 views

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in 1 errorhandlerfile and 2 localphp parameters to a tiki-index.php, or 3 encoded "..%2F" sequences in the implanguage parameter to...

7.3AI score0.03024EPSS
Exploits0References2
Prion
Prion
added 2007/09/11 7:17 p.m.13 views

Path traversal

Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...

7.5CVSS7.5AI score0.02334EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2007/09/11 7:0 p.m.20 views

CVE-2007-4820

Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...

7AI score0.02334EPSS
Exploits1References4
NVD
NVD
added 2006/04/26 8:6 p.m.12 views

CVE-2006-2060

Directory traversal vulnerability in actionadmin/paysubscriptions.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. dot dot in the name parameter, preceded by enough backspace %08...

6.4CVSS6.8AI score0.02182EPSS
Exploits0References9
Prion
Prion
added 2006/04/26 8:6 p.m.15 views

Directory traversal

Directory traversal vulnerability in actionadmin/paysubscriptions.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. dot dot in the name parameter, preceded by enough backspace %08...

6.4CVSS7.3AI score0.02182EPSS
Exploits0References9Affected Software1
securityvulns
securityvulns
added 2005/09/26 12:0 a.m.26 views

[Full-disclosure] GeSHi Local PHP file inclusion 1.0.7.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GeSHi Local PHP file inclusion 1.0.7.2 Author: Maksymilian Arciemowicz cXIb8O3 .17 Date: 21.9.2005 from SECURITYREASON.COM - --- 0.Description --- GeSHi started as a mod for the phpBB forum system, to enable highlighting of more languages than the...

7AI score
Exploits0
NVD
NVD
added 2005/08/24 4:0 a.m.15 views

CVE-2005-2686

Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the 1 SITEPath parameter to menudx.php or 2 CONTENTSDir parameter to menusx.php...

7.5CVSS7.3AI score0.01726EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2005/08/23 12:0 a.m.24 views

SaveWebPortal 3.4 - Multiple Directory Traversal Vulnerabilities

source: https://www.securityfocus.com/bid/14643/info SaveWebPortal is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Exploitation of this vulnerability could lead to a loss of confidentiality an...

7.4AI score
Exploits0
CVE
CVE
added 2005/02/20 5:0 a.m.46 views

CVE-2004-1601

The CVE-2004-1601 entry concerns CoolPHP 1.0-stable. Affected component: index.php; vulnerability: directory traversal via the op parameter using .. to access arbitrary files and execute local PHP scripts. Root cause: improper input validation leading to path traversal. Exploitation details are n...

7.5CVSS6.9AI score0.02702EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder