FlightPath versions prior to 4.8.2 and 5.0-rc2 suffer from a local file inclusion vulnerability.
81a5a17dad2e62aa8208195f197d9a8cKarenderia CMS version 5.1 suffers from a local file inclusion vulnerability.
2952a4c298b557165f29dd1aac506d88Sahi Pro version 8.x suffers from a directory traversal vulnerability.
41dd25ca7d333a937dac9ce21e902c3dBlogEngine.NET versions 3.3.6 and 3.3.7 suffer from a path directory traversal vulnerability.
bfe95ac05c7d56a481cbc5285b597336GrandNode versions 4.40 and below suffer from arbitrary file download and path traversal vulnerabilities.
6d0d535f84fca415f6d7ac427f470f56BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from theme Cookie directory traversal and remote code execution vulnerabilities.
888d7c169f3e6e9a215b1eceffb103b7BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from dirPath directory traversal and remote code execution vulnerabilities.
f53272715e0e3639f8c26fa46102e350Sahi Pro versions 7.x and 8.x suffer from a directory traversal vulnerability.
447b6e5379ba63135313599ca9183123Dell EMC Avamar ADMe Web Interface is affected by a local file inclusion vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. Versions 1.0.50 and 1.0.51 are affected.
b08560c4e11f44a30c641145b375c2f5Supra Smart Cloud TV suffers from an openLiveURL() remote file inclusion vulnerability.
25ecf7c683b48930b3f5f26642c4927aIceWarp versions 10.4.4 and below suffer from a local file inclusion vulnerability.
8eedeb172cfa2d07a0b87b57a65840a5Typora version 0.9.9.24.6 suffers from a directory traversal vulnerability.
c7a81878c4f374eb5bf47253e526c750Deltek Maconomy version 2.2.5 suffers from a local file inclusion vulnerability.
a6d27db934fbef116d7f230a5502215eBitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Bitbucket Data Center. Bitbucket Server versions without a Data Center license are not vulnerable to this vulnerability. Versions of Bitbucket Server starting with 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.13.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) are affected by this vulnerability.
657e273aa3e0e9c381f5de0e31630a90Moodle Jmol Filter version 6.1 suffers from cross site scripting and directory traversal vulnerabilities.
4394b07dc0b5272a5830b271519acd42NetNumber Titan ENUM/DNS/NP version 7.9.1 suffers from authorization bypass and path traversal vulnerabilities.
049a4990d0a1f85d33de8b27b1faa179This Metasploit module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888.
4cec9f77b2ac836a1fef57d954b7fa22osTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities.
c6bdf1690086d5f3d63da393f7da49fbConfluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.
ecb6b12f605a3e2392294e768ae4f8beWordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities.
f6686ff9fc966ce12dba21aec12aaeb0Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from a directory traversal vulnerability.
9609e14be7ddc622ccd6ff1ad192dbe1Evernote version 4.9 suffers from a path traversal that can allow for code execution.
d4904d2fd1cf06efcec045568d6f2691Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.
8cd07fef6144f3579e25aa9810aebe07Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities.
bf196a89942c4e399ed9ea256488aabbWordPress Form Maker plugin version 1.13.2 suffers from cross site request forgery and local file inclusion vulnerabilities.
8deea4221b9f9ccb2ca588bc0021f050
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed