CVE-2024-47071 OSS Endpoint Manager allows unauthorized access to read system files

OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4...

CVE-2010-1433

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate...

CVE-2010-1433

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate...

GHSA-Q3P4-GW7R-WQJC Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

CVE-2019-12417

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

WordPress sermon-shortcodes 1.0 Arbitrary File Download

Exploit Title : WordPress sermon-shortcodes 1.0 Plugins Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 27/11/2018 Vendor Homepage : wordpress.org sermonmanager.pro...

PhpGedView File Inclusion and PHP Code Injection Vulnerabilities (CVE-2011-0405)

PhpGedView is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process...

Oracle NoSQL 11g 1.1.100 R2 - 'log' Parameter Directory Traversal Vulnerability

Exploit for java platform in category web applications source: http://www.securityfocus.com/bid/50567/info Oracle NoSQL is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain...

LittleSite 0.1 'file' Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to...

Glype proxy cookie jar path traversal allows code execution

------------------------------------------------------------------------ Glype proxy cookie jar path traversal allows code execution ------------------------------------------------------------------------ Securify, September 2014...

LittleSite 0.1 - index.php Local File Inclusion

LittleSite 0.1 - index.php Local File Inclusion source: https://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

LittleSite 0.1 Local File Include Vulnerability

Exploit for php platform in category web applications source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

Web Servers Joomla Remote File Inclusion

Joomla component is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This...

Prototype of an PHP application 0.1 ident/loginmodif.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

LoveCMS 1.4 install/index.php step Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker ca...

PHPX 3.5.15/3.5.16 forums.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...

PHPAlbum 0.2.3/4.1 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserve...

otalCalendar 0 about.php inc_dir Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/17618/info TotalCalendar is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to...

In-Portal In-Link 2.3.4 ADODB_DIR.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19824/info In-portal In-link is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...