1232 matches found
CVE-2013-2057
YaBB through 2.5.2 is affected by a Local File Include vulnerability caused by the 'guestlanguage' cookie parameter, enabling inclusion of local files due to improper handling of the cookie value. Affected product/component: YaBB (web forum) up to version 2.5.2. Root cause: unsanitized cookie par...
CVE-2013-2678
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...
CVE-2013-2678
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...
CVE-2013-2678
CVE-2013-2678 affects Cisco Linksys E4200 devices running firmware 1.0.05 Build 7. The Local File Include vulnerability in the apply.cgi script (submit_type parameter) could allow remote attackers to obtain sensitive information or execute arbitrary code. Public references describe XSS/LFI vector...
CVE-2013-3212
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...
Code injection
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...
CVE-2013-3212
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...
CVE-2013-3212
CVE-2013-3212 affects vtiger CRM <= 5.4.0. Affected component: SOAP-based customerportal.php with two Local File Inclusion vulnerabilities in get_list_values and get_project_components. Root cause: input in the module parameter is not properly validated, leading to require_once of untrusted lo...
CVE-2012-2950
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...
Design/Logic Flaw
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...
CVE-2012-2950
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...
CVE-2012-2950
CVE-2012-2950 affects Gateway Geomatics MapServer for Windows (MS4W). The vulnerability is a Local File Inclusion in the bundled Apache/PHP configuration that allows remote attackers to view arbitrary files and execute PHP code with SYSTEM privileges. Affected releases are the MS4W packages up to...
PHP-Proxy Weak Encryption Vulnerability
PHP-Proxy is a web-based proxy script featuring fast, easy customization and the ability to provide support for complex websites such as YouTube and Facebook. A weak encryption vulnerability in the strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy versions 5.1.0 and...
Intelbras Telefone IP TIP200 LITE Local File Disclosure
Exploit Title: INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include Google Dork: Date: 16/03/2018 Exploit Author: Matheus Goncalves - anhax0r Vendor Homepage: https://www.facebook.com/anhaxteam/ Software Link: Version: 60.0.75.29 REQUIRED Tested on: Debian CVE : if applicable Remember that yo...
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
CVE-2018-8712
Webmin 1.840/1.880 expose a Local File Inclusion flaw due to weak default config: enabling "Can view any file as a log file" lets non-privileged users read sensitive local files (e.g., /etc/shadow) via GET /syslog/save_log.cgi?view=1&file=/etc/shadow. Root cause: default settings grant access to ...
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
Chromebackdoor graniet v3.0 web panel Multi Vulnerability
Exploit for php platform in category web applications Exploit Title: botnet graniet chrome backdoor v3.0 web panel multi vulnerability Date: 10-1-2017 Exploit Author: alqnas eslam Vendor Homepage:fb.com/alqnas4 Software Link:https://github.com/graniet/chromebackdoor Tested on:any os 1- cross site...