CVE-2018-12909

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem that the webserver user has access to via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment...

FreeBSD : twiki -- remote Perl code execution (21ce1840-6107-11e4-9e84-0022156e8794)

TWiki developers report : The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script typically port 80/TCP. Prior authentication may or may not...

IkonBoard 2.1.7b - Remote File Disclosure

source: https://www.securityfocus.com/bid/2471/info Ikonboard is a perl-based discussion forum script from ikonboard.com. Versions of Ikonboard are vulnerable to remote disclosure of arbitrary files. By adding a null byte to the name of a requested file, the attacker can defeat the script's inbui...