Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2014-7985
Directory traversal vulnerability in EspoCRM prior to 2.6.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Espocrm Espocrm
5
CVSSv2
CVE-2014-7986
install/index.php in EspoCRM prior to 2.6.0 allows remote malicious users to re-install the application via a 1 value in the installProcess parameter.
Espocrm Espocrm
4.3
CVSSv2
CVE-2014-7987
Cross-site scripting (XSS) vulnerability in EspoCRM prior to 2.6.0 allows remote malicious users to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
Espocrm Espocrm
7.5
CVSSv2
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS prior to 2.2.0 RC1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Exponentcms Exponent Cms
5
CVSSv2
CVE-2020-11798
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV prior to 8.1.2.4 and 9.x prior to 9.1.3 could allow an malicious user to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access valida...
Mitel Micollab Audio\\, Web \\& Video Conferencing
7.8
CVSSv2
CVE-2020-14864
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with...
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
NA
CVE-2022-44013
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.
Simmeth Lieferantenmanager
NA
CVE-2022-44017
An issue exists in Simmeth Lieferantenmanager prior to 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/#main can be used for this. This is due to the credentials not being cleaned from the local...
Simmeth Lieferantenmanager
6.8
CVSSv2
CVE-2019-11590
The 10Web Form Maker plugin prior to 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['...
10web Form Maker
NA
CVE-2022-44015
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.
Simmeth Lieferantenmanager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »