CVE-2024-47071 OSS Endpoint Manager allows unauthorized access to read system files

OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4...

CVE-2010-1433

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate...

CVE-2010-1433

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate...

GHSA-Q3P4-GW7R-WQJC Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

CVE-2019-12417

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

WordPress sermon-shortcodes 1.0 Arbitrary File Download

Exploit Title : WordPress sermon-shortcodes 1.0 Plugins Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 27/11/2018 Vendor Homepage : wordpress.org sermonmanager.pro...

PhpGedView File Inclusion and PHP Code Injection Vulnerabilities (CVE-2011-0405)

PhpGedView is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process...

Oracle NoSQL 11g 1.1.100 R2 - 'log' Parameter Directory Traversal Vulnerability

Exploit for java platform in category web applications source: http://www.securityfocus.com/bid/50567/info Oracle NoSQL is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain...

Glype proxy cookie jar path traversal allows code execution

------------------------------------------------------------------------ Glype proxy cookie jar path traversal allows code execution ------------------------------------------------------------------------ Securify, September 2014...

LittleSite 0.1 'file' Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to...

LittleSite 0.1 - index.php Local File Inclusion

LittleSite 0.1 - index.php Local File Inclusion source: https://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

LittleSite 0.1 Local File Include Vulnerability

Exploit for php platform in category web applications source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

Web Servers Joomla Remote File Inclusion

Joomla component is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This...

PLS-Bannieres 1.21 Bannieres.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20772/info PLS-Bannieres is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicio...

SoftNews 4.1/5.5 engine/init.php root_dir Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of...

ironwebmail <= 6.1.1 - Directory Traversal information disclosure vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20436/info IronWebMail is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows remote, unauthenticated attackers to...

Prince Clan Chess Club 0.8 Include.PCchess.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19138/info Prince Clan Chess Club for Mambo is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files...

CH-CMS.ch 2 Multiple Arbitrary File Upload Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/39888/info CH-CMS.ch is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it ...

DCP-Portal 6.0 admin/inc/header.inc.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20024/info DCP-Portal is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting, SQL-injection, and remote file-include issues, because the application fails to sanitize user-supplied...