6 matches found
CVE-2009-0917
CVE-2009-0917 describes a cross-site scripting (XSS) vulnerability in DFLabs PTK versions 1.0.0 through 1.0.4. The issue occurs when a forensic image containing HTML documents is provided, causing HTML/Script content to be rendered in browsers during PTK inspection. This allows remote attackers t...
CVE-2012-5901
CVE-2012-5901 affects DFLabs PTK 1.0.5, where data files are stored with predictable names under the web document root. The root cause is insufficient access control, enabling remote attackers to read logs, images, or reports by directly requesting files in the (1) log, (2) images, or (3) report ...
CVE-2012-1415
DFLabs PTK is affected by a CSRF in lib/logout.php affecting PTK 1.0.5 and earlier. The vulnerability allows remote attackers to hijack the authentication of administrators or investigators to trigger a logout. Root cause is CSRF in the logout request; versions prior to 1.0.5 are impacted. Public...
CVE-2008-6793
The CVE-2008-6793 entry describes a remote code execution flaw in DFLabs PTK (versions 0.1, 0.2, 1.0) related to get_file_type in lib/file_content.php. The underlying issue is that a filename within a forensic image can include a crafted arg1= sequence with shell metacharacters, allowing an attac...
CVE-2012-5902
The CVE-2012-5902 entry relates to a Cross-site Scripting (XSS) vulnerability in DFLabs PTK 1.0.5, specifically in the file ptk/lib/modal_bookmark.php where arbitrary web script/HTML can be injected via the arg4 parameter. The description consistently identifies the affected component and payload...
CVE-2009-0918
CVE-2009-0918 affects DFLabs PTK 1.0.0–1.0.4. The issue allows remote attackers to execute arbitrary commands in processes launched by PTK’s Apache HTTP Server via two vectors: (1) “external tools” and (2) a crafted forensic image. The underlying cause is unspecified in the provided documents bey...