1368 matches found
CVE-2017-2550
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename...
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution Exploit
This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'newhomepage' parameter of the 'saveHomePage'...
CVE-2017-6758
A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by...
Generic HTTP Directory Traversal / File Inclusion (Web Root) - Active Check
Generic check for HTTP directory traversal / file inclusion vulnerabilities on the web root level of the remote web server. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Improper access control
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials...
Default configuration
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys...
CVE-2014-3928
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials...
CVE-2014-3929
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys...
Multiple vulnerabilities in ZoneMinder
ZoneMinder is an open source video surveillance system. An information disclosure and authentication bypass vulnerability exists in the Apache HTTP server configuration in ZoneMinder version 1.30.0. An unauthenticated remote attacker can exploit the vulnerability to browse all web root directorie...
ZoneMinder Information Disclosure Vulnerability (Nov 2016) - Active Check
ZoneMinder is prone to an information disclosure and authentication bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-10140
An information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCT...
UBUNTU-CVE-2016-10140
An information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCT...
DEBIAN-CVE-2016-10140
An information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCT...
PHPMailer Sendmail Argument Injection Exploit
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a...
Arbitrary Code Execution Vulnerability in MOMOCMS
MoMoCMS is an enterprise website builder system developed in PHP and MySQL. An arbitrary code execution vulnerability exists in version 5.6.1 of the MoMoCMS enterprise website builder system. It allows attackers to execute code and write a shell.php file in the web root...
CVE-2016-2877
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file...
Design/Logic Flaw
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file...