Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.
f60c4ad77076831e6c6210dffcd07d54Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
ebe53272a318e753d01ffa4b44a12413Postbird version 0.8.4 suffers from a javascript injection vulnerability that allows for cross site scripting and local file inclusion.
f2d171b04734775d46bcc4f5dc3a2213Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.
f2f6e3d92179511f87fa66f851387309Mini Mouse version 9.3.0 suffers from local file inclusion and path traversal vulnerabilities.
5f48132206c39831f6956e4b977d8857Mini Mouse version 9.2.0 suffers from a path traversal vulnerability.
bf7068dcc9ec6cf759296e42c7397713WordPress Delightful Downloads Jquery File Tree plugin versions 1.6.6 and below path traversal exploit.
486a3c691b8eb36346d834cb5c332a48rConfig version 3.9.6 suffers from a local file inclusion vulnerability.
98b4a60e9662ee6e4e1ed50a97c5a0bcFluig versions 1.7.0-210217 and below suffer from a path traversal vulnerability.
360e2f6a2b7d7edb421a3de50030196aYeastar TG400 GSM Gateway version 91.3.0.3 suffers from a path traversal vulnerability.
a467c9ff54325292a1cc919f562ee67fSolarWinds Serv-U File Server versions through 15.2.1 do not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.
bcff8e686a6d68a1e71f68016c03b076WordPress Supsystic Backup plugin version 2.3.9 suffers from a local file inclusion vulnerability.
aa7db6fb704f48b330319ce9f9b505e6WordPress Supsystic Digital Publications plugin version 1.6.9 suffers from cross site scripting, denial of service, and traversal vulnerabilities.
20cf753fe2b0be4cf71a7b33d728cf4fWordPress versions 5.0.0 and 4.9.8 and below remote code execution exploit that leverages path traversal and file inclusion vulnerabilities.
87ecab4766942bdc35c24a3b4d93d1ddHome Assistant Community Store (HACS) version 1.10.0 suffers from a path traversal vulnerability that allows for account takeover.
2e4344a9f1aa53aed3bf84cb9d2bc67dEyesOfNetwork version 5.3 suffers from a local file inclusion vulnerability.
88fd5acc1e0c31de7e01d0c3cfd29bc1Responsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.
576b9b1598c826767542e7d40705bbc2Gotenberg versions 6.2.0 and below suffer from directory traversal, code execution, and insecure permission vulnerabilities.
a91eed6c85bc9e21292b509d9c121d3aRocket.Chat suffers from a path traversal vulnerability.
497aca2c2e16a627c295b8a37f6b49a7This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.
25786101984968ff048b1ccf1294f760Task Management System version 1.0 suffers from a local file inclusion vulnerability.
34b7e2cf93770d5be340a0dc747d2533Cisco ASA version 9.14.1.10 and FTD version 6.6.0.1 path traversal exploit. Original discovery of this vulnerability is attributed to 3ndG4me in October of 2020.
7cf23b4f5854a2f296a17705db8fae41Seacms version 11.1 suffers from a local file inclusion vulnerability.
4f0b0f0a174adaf8dba76ff066184250Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.
c0df758f96538e1b8ac9689218a081adRukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.
e2fa9c797d92a57016481570e269e9e5
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed