716 matches found
Joomla component com_joomanager parameter path arbitrary file download vulnerability
Joomla! is a content management system. An arbitrary file download vulnerability exists in the path parameter of the Joomla component joomanager. It allows an attacker to download sensitive information such as configuration files...
CVE-2016-5253
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link...
CVE-2016-2511
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...
CVE-2016-2389
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978...
Advantech WebAccess datacore Service datacore.exe Path strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x791E IOCTL in the Kernel subsystem. A stack-based buffer...
Remote Command Execution Vulnerability in Service_path Parameter of Security Authentication Gateway of Shanghai Gale Software Co.
Gehl Secure Authentication Gateway provides digital certificate based authentication and data link encryption services for network applications. A remote command execution vulnerability exists in the servicepath parameter in the /api/query.php?getaction=log page of the Secure...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) currentproductid, or (4) cPath parameter to...
Unrestricted file upload
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specifi...
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/filemanager/filemanager/editfile...
Codiad path directory traversal vulnerability
Codiad is an open source Web-based IDE application for writing and editing code online. A directory traversal vulnerability exists in Codiad components/filemanager/download.php, which allows an attacker to read the contents of arbitrary files via the path parameter...
Directory traversal
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter...
CVE-2014-5368
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter...
XEN Carousel < 0.12.2 - XSS vulnerabilities in xencarousel-admin.js.php via path or ajaxpath parameter
The xen-carousel WordPress plugin was affected by XSS vulnerabilities in xencarousel-admin.js.php via the path or ajaxpath parameter...
Directory traversal
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) addheaders.php or (2) minify.php...
CVE-2014-4529
Cross-site scripting (XSS) vulnerability in fpgpreview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter...
Bloq 0.5.4 admin.php page[path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application and the...
ezUpload 2.2 customize.php path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues ...
CVE-2012-5057
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter...
CRLF injection
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter...
tomcat: session fixation still possible with disableURLRewriting enabled
It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a...