56 matches found
Design/Logic Flaw
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with the .asp file extension under specific system paths, to access and modify partial system information but does not affect service...
CVE-2022-40742 SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Local File Inclusion
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with the .asp file extension under specific system paths, to access and modify partial system information but does not affect service...
Path traversal
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...
CVE-2022-22054 ASUS RT-AX56U - Path Traversal
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...
ZOHO ManageEngine Log360 code issue vulnerability
ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements. A code issue...
Unspecified vulnerability in elFinder
elFinder is a set of Drupal-based platform, open source AJAX file manager. The product provides multiple file uploads, image scaling and other features. A security vulnerability exists in elFinder.Net.Core that stems from user-controlled filenames not being properly cleaned up before being us...
MetInfo Path Traversal Vulnerability
MetInfo adopts PHP+Mysql architecture, it is a cms building system which is very friendly to SEO, fully functional, supports multi-language, responsive display, and extremely suitable for enterprise and company website construction. A file modification vulnerability exists in MetInfo 7.0 beta. An...
Citrix ShareFile StorageZones Controller Multiple Security Updates
Description of Problem Two security issues have been identified within Citrix ShareFile StorageZones Controller that, if exploited, could allow a compromised or malicious ShareFile user to write arbitrary files as that Active Directory user to the local file system, and also to discover the full...
Lexiglot Path Traversal Vulnerability
Lexiglot is a translation platform written in PHP by the French software developer Damien Sorel. A path traversal vulnerability exists in Lexiglot 2014-11-20 and earlier versions, which can be exploited by remote attackers to obtain sensitive information full path with the help of...
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage:...
GLSA-201805-09 : Shadow: security bypass
The remote host is affected by the vulnerability described in GLSA-201805-09 Shadow: security bypass A local attacker could possibly bypass security restrictions if an administrator used group blacklisting to restrict access to file system paths. Impact : A local attacker could possibly bypass...
Shadow: security bypass
Background Shadow is a set of tools to deal with user accounts. Description A local attacker could possibly bypass security restrictions if an administrator used “group blacklisting” to restrict access to file system paths. Impact A local attacker could possibly bypass security restrictions...
phpThumb 'phpThumbDebug' Information Disclosure
No description provided by source. Exploit Title: phpThumb 'phpThumbDebug' Information Disclosure Google Dork: inurl:phpThumb.php Date: 06/05/2011 Author: mook Software Link: http://phpthumb.sourceforge.net/download Version: 1.7.9 Tested on: linux Vulnerability: Information disclosure which...
phpThumb - phpThumbDebug Information Disclosure
phpThumb - phpThumbDebug Information Disclosure Exploit Title: phpThumb 'phpThumbDebug' Information Disclosure Google Dork: inurl:phpThumb.php Date: 06/05/2011 Author: mook Software Link: http://phpthumb.sourceforge.net/download Version: 1.7.9 Tested on: linux Vulnerability: Information disclosur...
The system paths are to be locked down to the JIRA Home directory
Currently JIRA allows you to change system file paths at runtime. While convenient, this allowed an attacker to elevate his/her stolen system admin access into a situation where he/she can execute arbitrary code. A decision has been made to remove the ability to set the paths at run time. For new...