Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
local file inclusion vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-3299
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array....
1 EDB exploit available
1 Nmap script available
9.3
CVSSv2
CVE-2009-1960
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also...
2 EDB exploits available
6.4
CVSSv2
CVE-2006-1812
phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information....
6.4
CVSSv2
CVE-2006-1813
Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter....
7.5
CVSSv2
CVE-2006-1819
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some...
5
CVSSv2
CVE-2006-1909
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences....
1 EDB exploit available
4.3
CVSSv2
CVE-2011-4107
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external...
1 EDB exploit available
5
CVSSv2
CVE-2005-3338
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users....
7.2
CVSSv2
CVE-2005-3339
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors....
7.5
CVSSv2
CVE-2005-3336
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2020-15372
CVE-2020-25145
CVE-2020-25139
CVE-2020-17382
path traversal
CVE-2020-7735
log injection
cpanel
CVE-2020-1895
1
2
3
4
5
NEXT »
Vulmon