This whitepaper discusses chain session upload progress to remote code execution when taking advantage of local file inclusion.
30b82ecd437ab784ec81665a82576757Novus Management System versions prior to 1.51.2 suffer from cross site scripting and directory traversal vulnerabilities.
c64a7fc8b08135ed2c5f6feadfc07eadWyomind Help Desk version 1.3.6 suffers from remote shell upload, cross site scripting, and directory traversal vulnerabilities.
59218439c3ab4fb34a4f3a6427121b87WordPress Anti-Malware Security and Bruteforce Firewall plugin version 4.20.59 suffers from a directory traversal vulnerability.
6f9edaf13c8046960529a3c19bdf3c96Black Box Kvm Extender version 3.4.31307 suffers from a local file inclusion vulnerability.
6fe8c1691d468a9bf6c2ebd9e15d6affOpenEMR version 5.0.17 path traversal exploit.
a7622ae19ddf3cafa635248b9528fd2cOpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.
9b189b539433dd288cb8f97ef2d49d86Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.
f60c4ad77076831e6c6210dffcd07d54Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
ebe53272a318e753d01ffa4b44a12413Postbird version 0.8.4 suffers from a javascript injection vulnerability that allows for cross site scripting and local file inclusion.
f2d171b04734775d46bcc4f5dc3a2213Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.
f2f6e3d92179511f87fa66f851387309Mini Mouse version 9.3.0 suffers from local file inclusion and path traversal vulnerabilities.
5f48132206c39831f6956e4b977d8857Mini Mouse version 9.2.0 suffers from a path traversal vulnerability.
bf7068dcc9ec6cf759296e42c7397713WordPress Delightful Downloads Jquery File Tree plugin versions 1.6.6 and below path traversal exploit.
486a3c691b8eb36346d834cb5c332a48rConfig version 3.9.6 suffers from a local file inclusion vulnerability.
98b4a60e9662ee6e4e1ed50a97c5a0bcFluig versions 1.7.0-210217 and below suffer from a path traversal vulnerability.
360e2f6a2b7d7edb421a3de50030196aYeastar TG400 GSM Gateway version 91.3.0.3 suffers from a path traversal vulnerability.
a467c9ff54325292a1cc919f562ee67fSolarWinds Serv-U File Server versions through 15.2.1 do not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.
bcff8e686a6d68a1e71f68016c03b076WordPress Supsystic Backup plugin version 2.3.9 suffers from a local file inclusion vulnerability.
aa7db6fb704f48b330319ce9f9b505e6WordPress Supsystic Digital Publications plugin version 1.6.9 suffers from cross site scripting, denial of service, and traversal vulnerabilities.
20cf753fe2b0be4cf71a7b33d728cf4fWordPress versions 5.0.0 and 4.9.8 and below remote code execution exploit that leverages path traversal and file inclusion vulnerabilities.
87ecab4766942bdc35c24a3b4d93d1ddHome Assistant Community Store (HACS) version 1.10.0 suffers from a path traversal vulnerability that allows for account takeover.
2e4344a9f1aa53aed3bf84cb9d2bc67dEyesOfNetwork version 5.3 suffers from a local file inclusion vulnerability.
88fd5acc1e0c31de7e01d0c3cfd29bc1Responsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.
576b9b1598c826767542e7d40705bbc2Gotenberg versions 6.2.0 and below suffer from directory traversal, code execution, and insecure permission vulnerabilities.
a91eed6c85bc9e21292b509d9c121d3a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed