54 matches found
VulnCheck KEV: CVE-2022-4982
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
CVE-2024-13982 SPON IP Network Intercom System rj_get_token.php Arbitrary File Read
SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondataurl parameter, which allows attackers to perfor...
Vulnerabilities in the "ac***" interface of Jaime's youth culture and social networking platform
Jaime is a social app under Beijing Blueberry Season Technology Co. The "ac" interface of the Cumulus youth culture social platform has an access-control vulnerability that allows a user to overstep their authority and view other people's account information by traversing the parameters of...
OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access
Summary: With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...
OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit
Summary: With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...
Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit
Summary: The NETGEAR compact N150 classic wireless router WNR500 improves your legacy Wireless-G network. It is a simple, secure way to share your Internet connection and allows you to easily surf the Internet, use email, and have online chats. The quick, CD-less setup can be done through a web...
F3Site 2009 mod/new.php GLOBALS[nlang] Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/37408/info F3Site is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
W-Agora 4.1.6 index.php bn Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. An attacker can construct a URL consisting of dot-dot-slash...
phpKF-Portal 1.10 anket_yonetim.php portal_ayarlarportal_dili Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30566/info phpKF-Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to vi...
Ajax Chat 0.1 operator_chattranscript.php chatid Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/19238/info AJAX Chat is prone to both a directory-traversal vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the directory-traversal...
phpCOIN 1.2 auxpage.php page Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and view arbitrary database...
LoveCMS 1.4 index.php load Parameter Traversal Arbitrary File Access
No description provided by source...
LoveCMS 1.4 install/index.php step Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker ca...
Xoops 2.0.18 modules/system/admin.php fct Parameter Traversal Local File Inclusion
No description provided by source...
W-Agora 4.1.6 modules.php file Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. An attacker can construct a URL consisting of dot-dot-slash...
PortailPHP 2 mod_news/index.php chemin Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary...
Zimbra Collaboration Server skin Parameter Traversal Local File Inclusion
The Zimbra Collaboration Server installed on the remote host is affected by a file disclosure vulnerability because it fails to properly sanitize user-supplied input to the 'skin' parameter of '/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz'. This vulnerability could...
GLPI 0.83.7 Parameter Traversal Arbitrary File Access Vulnerability
GLPI version 0.83.7 suffers from a parameter traversal vulnerability that allows for arbitrary file access. GLPI v0.83.7 itemtype Parameter Traversal Arbitrary File Access Exploit Vendor: INDEPNET Development Team Product web page: http://www.glpi-project.org Affected version: 0.83.7 Summary: GLP...
GLPI 0.83.7 Parameter Traversal Arbitrary File Access
GLPI v0.83.7 itemtype Parameter Traversal Arbitrary File Access Exploit Vendor: INDEPNET Development Team Product web page: http://www.glpi-project.org Affected version: 0.83.7 Summary: GLPI, an initialism for Gestionnaire libre de parc informatique (Free Management of Computer Equipment), was...
airVision NVR path Parameter Traversal Arbitrary File Access
The remote web server hosts airVision NVR, an application used to remotely monitor IP cameras. The installed version of airVision NVR fails to properly sanitize user-supplied input to the 'path' parameter of the 'views/file.php' script. This could allow an unauthenticated, remote attacker to read...