Red Hat Security Advisory 2024-9315-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, denial of service, double free, information leakage, integer overflow, memory leak, null pointer, out of bounds access, out of bounds read, remote file inclusion, and use-after-free vulnerabilities.
32308f49513c3b581bb9c141ba5087f4778c169dc1ab2498edc6b4de6282aef1
Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.
d393a8fbc83a7853129734872e32346a0060fce6cc2859479ba80540d7ca06af
TerraMaster TOS version 4.2.29 suffers from a remote code injection vulnerability leveraging a local file inclusion vulnerability.
47788fafaa57a0578fe61fae3aba9174fdcd4e9caddb1374b93de92e53260e4a
Sample Blog Site version 1.0 suffers from cross site scripting and remote file inclusion vulnerabilities.
9eb4f98f6b5aa7c6a2b152f6a928201fce3e01efc03aed42ffeb58be9416ad69
Seo Panel version 4.10.0 suffers from a remote file inclusion vulnerability.
2fdf761dbcf0a177ff1181fce94ad134d7bd768b3f71e66a322977609630415f
Sample Blog Site version 1.0 suffers from a remote file inclusion vulnerability.
4f6ee68a6c536fed1167da6a84c5b39fb5d6773e2ab01a72d0112f0d091435a9
Proof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in Invesalius version 3.1. In particular the exploitation steps of this vulnerability involve the use of a specifically crafted .inv3 (a custom extension for InVesalius) that is indeed a tar file file which, once imported inside the victim's client application allows an attacker to write files and folders on the disk.
3e2115a5ac5563793a0f2c821d2286084e05076d87ec7793c02b372c65ca4475
BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated.
6e54154264109ce0380fee45cc8dba495239a6e22843e4f8d07ddd298e5af855
Online Survey System version 1.0 suffers from cross site scripting and remote file inclusion vulnerabilities.
0573d4aa4fad74ba21dfae8c95d8a0ef8922ce6bbbf5c65fcd1a8b98424e3d9e
Online Survey System version 1.0 suffers from a remote file inclusion vulnerability.
9ac49e540003cc98bbab6ed47333ffe2f4616bc3a383f48fe3a342e9a7dd83cc
This Metasploit module exploits an Apache Axis2 v1.4.1 local file inclusion (LFI) vulnerability. By loading a local XML file which contains a cleartext username and password, attackers can trivially recover authentication credentials to Axis services.
50104ff91cd322fe465188779cfaa98819e42e8898505fa53d0efc5a47d67e68
This Metasploit module exploits an unauthenticated remote file inclusion which exists in Supra Smart Cloud TV. The media control for the device doesnt have any session management or authentication. Leveraging this, an attacker on the local network can send a crafted request to broadcast a fake video.
4f628334a1d4a905d86ed3e418a091bc45e99144a8e83f1ac6d4d534bdfe0adf
Ray versions prior to 2.8.1 are vulnerable to a local file inclusion vulnerability.
bd052a339883d4fb2b7584d0b637a7cf11576c8925a84f832d496feb70c87eff
This Metasploit module exploits a local file inclusion in QNAP QTS and Photo Station that allows an unauthenticated attacker to download files from the QNAP filesystem. Because the HTTP server runs as root, it is possible to access sensitive files, such as SSH private keys and password hashes. This Metasploit module has been tested on QTS 4.3.3 (unknown Photo Station version) and QTS 4.3.6 with Photo Station 5.7.9.
70107b0adbe195b76131c10cdea4a24c8ea076a3a1b93c6596908a86f7bcd91a
Webpay E-Commerce version 1.0 suffers from a directory traversal vulnerability.
95d09ce8c5598b697d3b00aaac726a002f69525139a53abe89bf0d0c71fcfd96
Laundry Management System version 1.0 suffers from a remote file inclusion vulnerability.
8fab3cbba3b63d49ce3f1398516dff725855194afb4b9b834d890bf1ab8dff45
miniProxy version 1.0.0 suffers from a remote file inclusion vulnerability.
047d93955456ff76bf4deec8dd78b76d6fa4d853a8417d1dc141f9097b959a9b
Loan Management System version 1.0 suffers from a remote file inclusion vulnerability.
2f2cc5727791f8bddc23fe859702870ea920208518f2390ce07b09959a99f153
FlatPress version 1.3.1 suffers from a path traversal vulnerability.
93132facf1686cadc1ae8f70b92c43ad1314fd717d542ca0f3d2460a2af23e80
Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.
da80354c20c11213cf9464c89b3c9342e5d18753a59bd94e104156db88b776d5
Red Hat Security Advisory 2024-5102-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution, double free, memory leak, null pointer, remote file inclusion, and use-after-free vulnerabilities.
271ebfd79d65d0fd7f0eaf5bfbcc5f0749c2bb655bb3ab858b0da3d97429fe08
This is a path traversal vulnerability that impacts the CreateIndexHandler and DeleteIndexHandler found within Bleve search library. These vulnerabilities enable the attacker to delete any directory owned by the user recursively, and create a new directory in any location which the server has write permissions to. This is Google's proof of concept exploit.
fa85d4f73ca7779ddd8389e832e0e1c1e86090421d04d1696926164a39351fbf
E-Commerce Site using PHP PDO version 1.0 suffers from a directory traversal vulnerability.
dc27958888a7f9ea33c2b82b09c46ed99740992adc97c22cbcb4c4b71184b5d1
Devika version 1 suffers from a path traversal vulnerability.
a1faa88d45aec3e4e47f6aaf83509670b4fb84ce15462308d2e7daa8d66d754c
Perten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.
92c6be9a95dec36f75c305fd1ec54275736478e25459c036cab67f945826b0f2