Vulmon Recent Vulnerabilities Discussions Trends About Contact

lfi vulnerabilities and exploits

7.5
CVSSv2
CVE-2019-16246
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution....
IntesyncSolismed
5
CVSSv2
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint....
ArticaPandora Fms
5
CVSSv2
CVE-2017-18354
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker....
GoogleRendertron
5
CVSSv2
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246....
Php-proxy
4
CVSSv2
CVE-2019-14424
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request....
2.1
CVSSv2
CVE-2018-14573
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683....
5
CVSSv2
CVE-2019-3737
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application....
DellAvamar Data Migration Enabler Web Interface
7.1
CVSSv2
CVE-2017-7282
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web...
UnitrendsEnterprise Backup
5
CVSSv2
CVE-2018-10824
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in...
D-linkDir-140l FirmwareDir-640l FirmwareDwr-111 FirmwareDwr-116 FirmwareDwr-512 FirmwareDwr-712 FirmwareDwr-912 FirmwareDwr-921 Firmware
5
CVSSv2
CVE-2018-14064
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80....
Velotismart ProjectVelotismart Wifi Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
overflowtype confusionwso2CVE-2020-5212api managerbypassCVE-2019-10779CVE-2020-0609CVE-2020-0674CVE-2020-7998CVE-2019-15581