85200 matches found
WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing
FastDup WordPress plugin 2.2 contains a directory listing vulnerability caused by lack of access restrictions in sensitive directories, letting attackers view export files, exploit requires no authentication. id: CVE-2023-6592 info: name: WordPress FastDup = 2.1.9 Sensitive Information Exposure -...
Lokomedia CMS - Local File Inclusion
A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...
Boa 0.94.13 - Information Disclosure
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE- multiple third parties report that this is a site-specific issue because those files are not par...
Label Studio - Sensitive Information Exposure
An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...
Yearning - Directory Traversal
Yearning has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information. The vulnerability is present in multiple versions of Yearning. id: CVE-2022-27043 info: name: Yearning - Directory Traversal author: Co5mos severity: high description: | Yearning h...
All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...
Issabel PBX 4.0.0-6 - Directory Listing
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory id: CVE-2023-37599 info: name: Issabel PBX 4.0.0-6 - Directory Listing author: ritikchaddha severity: high description: | An issue in issabel-pbx v.4.0.0-6 allows a remote attacker...
Mlflow < 2.17.0 - Local File Inclusion
Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2024-8859...
KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection
The KiviCare Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of...
CyberPower - SQL Injection
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32737 info: name: CyberPower - SQL Injection author: DhiyaneshDk severity: high description: | A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3...
CyberPower < v2.8.3 - SQL Injection
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32739 info: name: CyberPower PDNU" tags: cve,cve2024,cyberpower,sqli,vkev,vuln http: - method: GET path: - "BaseURL/api/v1/ndconfig?mode=&uid=1'%20UNION%20select%201,2,3,sqliteversion;--"...
CyberPower - SQL Injection
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32738 info: name: CyberPower - SQL Injection author: DhiyaneshDk severity: high description: | A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3...
TCExam <= 14.8.1 - Sensitive Information Exposure
When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files. id: CVE-2021-20114 info: name: TCExam = 14.8.1 - Sensitive Information Exposure author: push4d severity:...
Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure
Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories. id: CVE-2020-27361 info: name: Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure author: gy741 severity: high description: Akkadian Provisioning Manager 4.50.0...
Optergy Proton/Enterprise Building Management System - Open Redirect
Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-7275 info: name: Optergy Proton/Enterprise...
GetSimple CMS 3.3.13 - Open Redirect
GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-9915 info: name: GetSimple CMS...
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
A directory traversal vulnerability in the Preventive & Reservation compreventive component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1475 info: name: Joomla...
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. id: CVE-2012-4242 info: name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author:...
GRAND FlAGallery 1.57 - Cross-Site Scripting
A cross-site scripting XSS vulnerability in facebook.php in the GRAND FlAGallery plugin flash-album-gallery before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. id: CVE-2011-4624 info: name: GRAND FlAGallery 1.57 - Cross-Site Scripting...
Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...