Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
lfi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-16246
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution....
Intesync Solismed 3.3
445
VMScore
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint....
Artica Pandora Fms
445
VMScore
CVE-2017-18354
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker....
Google Rendertron 1.0.0
505
VMScore
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246....
Php-proxy Php-proxy 3.0.3
1 EDB exploit available
NA
CVE-2019-14424
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request....
Eq-3 Cux-daemon
Eq-3 Ccu2 Firmware
187
VMScore
CVE-2018-14573
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683....
Trms Tightrope Media Carousel Digital Signage
445
VMScore
CVE-2019-3737
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application....
Dell Avamar Data Migration Enabler Web Interface 1.0.50
Dell Avamar Data Migration Enabler Web Interface 1.0.51
NA
CVE-2020-12447
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow....
Onkyo Tx-nr585 Firmware 1000-0000-000-0008-0000
633
VMScore
CVE-2017-7282
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web...
Unitrends Enterprise Backup
3 Github repositories available
445
VMScore
CVE-2018-10824
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in...
D-link Dwr-116 Firmware
D-link Dir-140l Firmware
D-link Dir-640l Firmware
D-link Dwr-512 Firmware
D-link Dwr-712 Firmware
D-link Dwr-912 Firmware
D-link Dwr-921 Firmware
D-link Dwr-111 Firmware
2 Articles available
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
TCP
CVE-2020-4865
CVE-2021-3297
CVE-2018-15473
CVE-2021-3317
CVE-2021-23240
denial of service
CVE-2020-16107
1
2
NEXT »