lfi vulnerabilities and exploits
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution....
Intesync Solismed 3.3
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint....
Artica Pandora Fms
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker....
Google Rendertron 1.0.0
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246....
Php-proxy Php-proxy 3.0.3
1 EDB exploit available
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request....
Eq-3 Ccu2 Firmware
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683....
Trms Tightrope Media Carousel Digital Signage
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application....
Dell Avamar Data Migration Enabler Web Interface 1.0.50
Dell Avamar Data Migration Enabler Web Interface 1.0.51
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow....
Onkyo Tx-nr585 Firmware 1000-0000-000-0008-0000
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web...
Unitrends Enterprise Backup
3 Github repositories available
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in...
D-link Dwr-116 Firmware
D-link Dir-140l Firmware
D-link Dir-640l Firmware
D-link Dwr-512 Firmware
D-link Dwr-712 Firmware
D-link Dwr-912 Firmware
D-link Dwr-921 Firmware
D-link Dwr-111 Firmware
2 Articles available