WebGlimpse 2.18.7 - Directory Traversal

A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the DOC parameter. id: CVE-2009-5114 info: name: WebGlimpse 2.18.7 - Directory Traversal author: daffainfo severity: medium description: A...

Joomla! Component com_jvideodirect - Directory Traversal

Directory traversal vulnerability in the jVideoDirect comjvideodirect component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-0942 info: name: Joomla! Component comjvideodirect - Directory Traversal author:...

Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion

A directory traversal vulnerability in the Dione Form Wizard aka FDione or comdioneformwizard component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-2045 info: name: Joomla! Component...

WebIQ 2.15.9 - Directory Traversal

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. id: CVE-2024-8752 info: name: WebIQ 2.15.9 - Directory Traversal author: s4e-io severity: high description: | The Windows version of WebIQ 2.15.9 is...

EUVD-2014-3718

Malware in sbrugna...

CVE-2024-11315 TRCore DVC - Arbitrary File Upload through Path Traversal

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...

Authentication flaw

PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts...

Exploit for Code Injection in Gitlab

CVE-2021-22205 This vulnerability arises from Gitlab’s impro...

Portlandlabs Concrete5 Cross-Site Scripting Vulnerability

Portlandlabs Concrete5 is an open source content management system CMS from PortlandLabs, Inc. A cross-site scripting vulnerability exists in Portlandlabs Concrete5 crete5-legacy 5.6.4.0 and prior versions, which can be exploited by remote attackers to "cID" parameter to inject arbitrary web scri...

SourceCodester E-Commerce Website SQL Injection Vulnerability

SourceCodester E-Commerce Website is a software application. A PHP e-commerce website project for bookstores. A SQL injection vulnerability exists in SourceCodester E-Commerce Website version V1.0, which originates from a lack of validation of the update parameter of empViewUpdate.php against an...

CVE-2021-20201

A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service CPU consumption by performing many renegotiations within a single connection...

CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

Adobe Photoshop JSX File ExtendScript File.read Insufficient UI Warning Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

The ViewSystemInfo class doGarbageCollection method was vulnerable to CSRF - CVE-2019-11588

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery CSRF vulnerability...

CVE-2019-6988

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service attempted excessive memory allocation in opjcalloc in openjp2/opjmalloc.c, when called from opjtcdinittile in openjp2/tcd.c, as demonstrated by the 64-bit opjdecompress...

CVE-2018-7568

The parsedie function in dwarf1.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service integer overflow and application crash via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm...

TinyWebGallery v2.4 (TWGE) - Persistent XSS Vulnerability

Document Title: =============== TinyWebGallery v2.4 TWGE - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1997 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16635...

CVE-2014-0691

Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643...

CVE-2017-11102

The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service application crash during JNG reading via a zero-length colorimage data structure...

CVE-2017-7596

LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted image...