Microweber CMS version 1.2.10 has a backup functionality that enables a local file inclusion vulnerability.
6142d8811062699f8f87ae6d18474182b73f39fe90ed87e4773e25f514102aa5aaPanel version 6.8.21 suffers from a directory traversal vulnerability.
838b61a813c16c65297d3d287ef9a25859063ba41febc4861bb94ac896d0ba99Dbltek GoIP with firmware version GHSFVT-1.1-67-5 suffers from a local file inclusion vulnerability.
0d6bacc2c1374df5d970bb3cd46b2c784a546df1614076f108665a82cba4a43fKyocera Command Center RX version ECOSYS M2035dn suffers from a directory traversal vulnerability that allows for file disclosure.
89cfa42fe3449bfdce8a9117af9911c0470fdb7b8987a421e59b7dbeadeeebdeWordPress Simple Job Board plugin version 2.9.3 suffers from a local file inclusion vulnerability.
1c0762cbbdf0cad69fbecfc2a0c104e5004578ae2a294ea6aa61444f545b85e5Argo CD is vulnerable to a path traversal bug that allows to pass arbitrary values files to be consumed by Helm charts. Patches have been released for versions 2.3.0, 2.2.4, and 2.1.9.
c72ec87648df1bf1db82ddd2c376d6162184b99bceae3f511661c0a478686932Oracle WebLogic Server suffers from a local file inclusion vulnerability. Versions affected include 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
201c7442b864057fc71cc40d8602d6406f7fb6b3d115cde62d9c902068b08cfaLand Software's FAUST iServer versions 9.0.017.017.1-3 through 9.0.018.018.4 suffer from a local file inclusion vulnerability.
1940c0374c57a3ce5c29fb1b1586c473fe48cd03993e507d365564b0b210c462Archeevo version 5.0 suffers from a local file inclusion vulnerability.
561f8e95455d78b8e296b79cdc73888567fe22153f1968ae4edfe5b2593a869fOpenBMCS version 2.4 suffers from remote file inclusion and server-side request forgery vulnerabilities.
505b78cffe8b2f1b771d3702d316ef5c1753e49ac00b67466b0784a71a1ea915CoreFTP server build version 725 suffers from a directory traversal vulnerability.
fbb9c434dc72c64f279fda060263d779095ad8f3f6d61af6696ef0569552805bHD-Network Real-Time Monitoring System version 2.0 suffers from a local file inclusion vulnerability.
64ad46e211d5401ade6b17ec23d93dae913f1faaa92f6cb7a949a7be6d6cc1e8Red Hat Security Advisory 2021-5070-02 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
ffda29beeea0e12945c6104476712c3a616df43c26b412c9ebce4eee73c3f2a8Grafana version 8.3.0 suffers from a directory traversal vulnerability that can allow for arbitrary file reading.
9273519e26f2056463537ab66f8628cb91f138407ab75d06184d8d23d07ea50dOrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities.
010e38c96f2418d6360c9dcbb77e24409850905a15f68e92a39487807a819dbaWordPress All-In-One Video Gallery plugin versions 2.4.9 and below suffer from a local file inclusion vulnerability.
d56b622c5cdb0577129bc8f0f22407486cb0a913ccea8f94ea9c2c7839d09689CMSimple version 5.4 local file inclusion to remote code execution exploit.
a4b05d1e2b8f3b37a0772e0d7ce7cf15dca4169ffda490cd7eba79ae80aacc7aRed Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.
8add47f95e7029cc9b29e159ddcedaf8b823cd7f438afa063e0aa09ebed5c91aThis Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain remote code execution as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the application responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a.
f4fce0d3935a3baeeca64e47d1f3ececd06846dd7a61129d94c68314b7e81dbbEasy Chat Server version 3.1 suffers from a directory traversal vulnerability.
150a2df0dc9b5819ab9a78ae0931157f91fe7bf5cead4d5aca7928ae3c7fd059Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities.
75aa94003e00f9bc304726a005c80e01c7bce1e6aabc71988646f014ecb8e58eApache HTTP Server version 2.4.49 suffers from a path traversal vulnerability.
4eccc2583086d9890750a8b83bcb7c04d9c447598c4297ae1b910acd7f05acb5Payara Micro Community version 5.2021.6 suffers from a directory traversal vulnerability.
1b90a0243d7131513edae6a966627f420fcd20be91b92fadda31a5c1c3f81641Red Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
7acd802c838e14356fda2dd84f235e3bbe000e4229b9386b3483399a41ad00f5OpenSIS version 8.0 suffers from a local file inclusion vulnerability via a path traversal.
b4604799c3d68f5a861c1059982a38647541f7bed5db2a009a480a31ae65fd13
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed