Microweber CMS version 1.2.10 has a backup functionality that enables a local file inclusion vulnerability.
aaPanel version 6.8.21 suffers from a directory traversal vulnerability.
Dbltek GoIP with firmware version GHSFVT-1.1-67-5 suffers from a local file inclusion vulnerability.
Kyocera Command Center RX version ECOSYS M2035dn suffers from a directory traversal vulnerability that allows for file disclosure.
WordPress Simple Job Board plugin version 2.9.3 suffers from a local file inclusion vulnerability.
Argo CD is vulnerable to a path traversal bug that allows arbitrary values files to be passed to and consumed by Helm charts. Patches have been released for versions 2.3.0, 2.2.4, and 2.1.9.
Oracle WebLogic Server suffers from a local file inclusion vulnerability. Versions affected include 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
Land Software's FAUST iServer versions 9.0.017.017.1-3 through 9.0.018.018.4 suffer from a local file inclusion vulnerability.
Archeevo version 5.0 suffers from a local file inclusion vulnerability.
OpenBMCS version 2.4 suffers from remote file inclusion and server-side request forgery vulnerabilities.
CoreFTP server build version 725 suffers from a directory traversal vulnerability.
HD-Network Real-Time Monitoring System version 2.0 suffers from a local file inclusion vulnerability.
Red Hat Security Advisory 2021-5070-02 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
Grafana version 8.3.0 suffers from a directory traversal vulnerability that can allow for arbitrary file reading.
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross-site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities.
WordPress All-In-One Video Gallery plugin versions 2.4.9 and below suffer from a local file inclusion vulnerability.
CMSimple version 5.4 local file inclusion to remote code execution exploit.
Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.
This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig version 10.0r8a build-242466 and older to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative web interface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain remote code execution as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the application responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a.
Easy Chat Server version 3.1 suffers from a directory traversal vulnerability.
Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities.
Apache HTTP Server version 2.4.49 suffers from a path traversal vulnerability.
Payara Micro Community version 5.2021.6 suffers from a directory traversal vulnerability.
Red Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
OpenSIS version 8.0 suffers from a local file inclusion vulnerability via a path traversal.