OpenSIS version 8.0 suffers from a local file inclusion vulnerability via a path traversal.
b4604799c3d68f5a861c1059982a38647541f7bed5db2a009a480a31ae65fd13
Umbraco CMS versions 8.9.1 and below suffer from path traversal and arbitrary file write vulnerabilities.
285a3167b58ee1d23f3b7b489f51a13fbc7670d634c6d025df3c15ebcfbdb31c
ProcessMaker version 3.5.4 suffers from a local file inclusion vulnerability.
9ea7d66b1db175d01d116b70589f81aa63e6fdbafe9911ea8926c41cf7d4ab71
WordPress Mail Masta plugin version 1.0 suffers from a local file inclusion vulnerability.
4ba2f635f1919087afeb889e83b56c9bba07306accfaf8f3400631cec952d93f
GeoVision Geowebserver versions 5.3.3 and below suffer from code execution, cross site request forgery, cross site scripting, html injection, and local file inclusion vulnerabilities.
8ccb4bb1b96f86b0ef24cd5e1b36f037c42c2f00bb5ec9a80fedbe4537f7a7ab
This whitepaper discusses chain session upload progress to remote code execution when taking advantage of local file inclusion.
3c9df4f24a784d6c632f742ca3902c18462336b6f1ee4031041e932d800f8a5d
Novus Management System versions prior to 1.51.2 suffer from cross site scripting and directory traversal vulnerabilities.
a65d049ebbdbe6ea6605dde31e263ad17f342eaa1325232c9713027697ce29ea
Wyomind Help Desk version 1.3.6 suffers from remote shell upload, cross site scripting, and directory traversal vulnerabilities.
634925282d35ed9ef1ef364504fddb9b75511787a9894bf04ea9a82f3f4576ab
WordPress Anti-Malware Security and Bruteforce Firewall plugin version 4.20.59 suffers from a directory traversal vulnerability.
ab4481f244c77898cdf901559f1b2864f3f7537dae13d8d4a585aeb1414d9521
Black Box Kvm Extender version 3.4.31307 suffers from a local file inclusion vulnerability.
7cfcd595717037d50ce7e14141d64bfe83b4a9ecc44ba3dbe53abf5aba78d15d
OpenEMR version 5.0.17 path traversal exploit.
d922d48e6a0bee902e565673aa1c4471cc5327d78c48154ce121df3691d4e7ac
OpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.
4137f1bcde3ba0b062231c438d7bd1885e04568f8cb1e019f5635288f2560b7d
Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.
2fe1bba3a63538bc31c8f324c6075a4d7a94d198f0d2cc9c21a732f03fedcf03
Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
fb3bf69481578dad07624872eec1f5d1da61660965e5ddb444e9193956929ed2
Postbird version 0.8.4 suffers from a javascript injection vulnerability that allows for cross site scripting and local file inclusion.
a50f986fffa593ec901590f6e7af89c7caa33805339e420f6058a47850eb4854
Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.
fca5df7ad0d34a5f7b8addf705a53ad2dd0527cb631c1a47240bfd8afd22f8d1
Mini Mouse version 9.3.0 suffers from local file inclusion and path traversal vulnerabilities.
a13bbc09d01e34368193013febfccedbf163b863c3649b83bc09aed75d823c8f
Mini Mouse version 9.2.0 suffers from a path traversal vulnerability.
9e5e5f36ecd3f806a6cb7ab73e475aa2610e8f26d99edb0638ecc462e4b95937
WordPress Delightful Downloads Jquery File Tree plugin versions 1.6.6 and below path traversal exploit.
55dc77f809d56b8b5aa14205f75e1428b5c479b4e6d09486ba4219db69b108dd
rConfig version 3.9.6 suffers from a local file inclusion vulnerability.
7c37126c26a4c3ea7cbb5f1c197f7f7f06bafe4d7921cfb5f1f22a26c00d5f21
Fluig versions 1.7.0-210217 and below suffer from a path traversal vulnerability.
ea5511730eaab22027c25e852ad09966af7a9dc8002e191fff5abf1fb3aaf5aa
Yeastar TG400 GSM Gateway version 91.3.0.3 suffers from a path traversal vulnerability.
f44bbe91ca4f8dfdd5196a1e8f1790d712feb6f1c16a29856640d2d4a7faab8f
SolarWinds Serv-U File Server versions through 15.2.1 do not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.
64b515c78c524df69e596a9ac43e62c6feeaae73ff31f506f5da5c63c7573d1a
WordPress Supsystic Backup plugin version 2.3.9 suffers from a local file inclusion vulnerability.
ec9df473ec6c5b2aa30e2f7f712758f39e5ddff10939d73f66f223aa3ea66fc0
WordPress Supsystic Digital Publications plugin version 1.6.9 suffers from cross site scripting, denial of service, and traversal vulnerabilities.
decf2106824f024b598f1ffe09371562d93f784c34835d7423f1a6cab35e94df