All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from path traversal vulnerabilities.
156aaf01e3f567caba60826f8c0e3305Ruijie Networks Switch eWeb S29_RGOS version 11.4 suffers from a directory traversal vulnerability.
d42793b9d2e5665d9a3c6433b256f461Adaptive Security Appliance Software version 9.11 local file inclusion exploit.
18674d1ac6566a743b27902123a8d30eF5 Big-IP versions 13.1.3 Build 0.0.6 and below suffer from a local file inclusion vulnerability.
b2e61907a263f05cda5368c904a3e106Bio Star version 2.8.2 suffers from a local file inclusion vulnerability.
27371df2c5b87c59458e1241e0ee2306Bludit version 3.9.2 suffers from a directory traversal vulnerability.
9c37d259cdc14c00be01226e03c282d4Mida Solutions eFramework versions 2.9.0 and below suffer from command execution, cross site scripting, denial of service, remote SQL injection, and path traversal vulnerabilities.
cf1e3e8d713adde398b34963e73c3e6cZyxel Armor X1 WAP6806 suffers from a directory traversal vulnerability.
3489e3347ae626ade153762d017313f6BSA Radar version 1.6.7234.24750 suffers from a local file inclusion vulnerability.
4f8724486f85bed5c6ebc292e5dde54dThis Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.
07a638401a07dae3fe0cc15b5a196965openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.
34773fe08298e4f70971b2ca475bfba4FHEM version 6.0 suffers from a local file inclusion vulnerability.
35ad551f0a301429cff04952d64edc5eOdoo version 12.0 suffers from a local file inclusion vulnerability.
ef259aea09b43ebfc94e8efe879074f2OpenCTI version 3.3.1 suffers from cross site scripting and directory traversal vulnerabilities.
01e5582f9668a47e3707a7ac7a906c85MJML versions 4.6.2 and below suffer from a path traversal vulnerability.
a0a3f891f47c7b51f226844efd20e946Bludit version 3.9.12 suffers from a directory traversal vulnerability.
58e30747011aa13fe7bddb3f9412d0d7Navigate CMS version 2.8.7 suffers from an authenticated directory traversal vulnerability.
e422428b73acd01b8faae4427b9bcb16Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.
a4735a7d21fe839b802938d376f307c3SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability.
69eb6230d589074cf1c0543f754f010bBoltWire version 6.03 suffers from a local file inclusion vulnerability.
4592e504295e563f4cf421c3c26ba239Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.
0fcc796a695117342acf0f72ae2515deThis Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.
098e961d63357b612d0c1f8c93294ae0QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path traversal it is possible for authenticated users to impersonate other users, and also to executed arbitrary code (via Java deserialization). The code will be executed with the privileges of the Tomcat system user.
6cb180e7e16b46cc6581407a5507d0a0QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.
f813c8f629536b1985d46109b98d02f8TVT NVMS 1000 suffers from a directory traversal vulnerability.
801d83449f54d4e39592e24a359a856d
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed