Lucene search
K

6 matches found

CVE
CVE
added 2009/03/16 7:0 p.m.56 views

CVE-2009-0917

CVE-2009-0917 describes a cross-site scripting (XSS) vulnerability in DFLabs PTK versions 1.0.0 through 1.0.4. The issue occurs when a forensic image containing HTML documents is provided, causing HTML/Script content to be rendered in browsers during PTK inspection. This allows remote attackers t...

4.3CVSS5.9AI score0.01537EPSS
CVE
CVE
added 2012/11/17 9:0 p.m.50 views

CVE-2012-5901

CVE-2012-5901 affects DFLabs PTK 1.0.5, where data files are stored with predictable names under the web document root. The root cause is insufficient access control, enabling remote attackers to read logs, images, or reports by directly requesting files in the (1) log, (2) images, or (3) report ...

5CVSS6.8AI score0.01369EPSS
CVE
CVE
added 2014/12/28 2:0 a.m.48 views

CVE-2012-1415

DFLabs PTK is affected by a CSRF in lib/logout.php affecting PTK 1.0.5 and earlier. The vulnerability allows remote attackers to hijack the authentication of administrators or investigators to trigger a logout. Root cause is CSRF in the logout request; versions prior to 1.0.5 are impacted. Public...

6.8CVSS7.3AI score0.0106EPSS
CVE
CVE
added 2009/05/07 5:0 p.m.42 views

CVE-2008-6793

The CVE-2008-6793 entry describes a remote code execution flaw in DFLabs PTK (versions 0.1, 0.2, 1.0) related to get_file_type in lib/file_content.php. The underlying issue is that a filename within a forensic image can include a crafted arg1= sequence with shell metacharacters, allowing an attac...

6.8CVSS7.9AI score0.06928EPSS
CVE
CVE
added 2012/11/17 9:0 p.m.42 views

CVE-2012-5902

The CVE-2012-5902 entry relates to a Cross-site Scripting (XSS) vulnerability in DFLabs PTK 1.0.5, specifically in the file ptk/lib/modal_bookmark.php where arbitrary web script/HTML can be injected via the arg4 parameter. The description consistently identifies the affected component and payload...

4.3CVSS5.9AI score0.01161EPSS
CVE
CVE
added 2009/03/16 7:0 p.m.38 views

CVE-2009-0918

CVE-2009-0918 affects DFLabs PTK 1.0.0–1.0.4. The issue allows remote attackers to execute arbitrary commands in processes launched by PTK’s Apache HTTP Server via two vectors: (1) “external tools” and (2) a crafted forensic image. The underlying cause is unspecified in the provided documents bey...

7.5CVSS7.9AI score0.02728EPSS