Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
local file inclusion vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-3299
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array....
Phpmyadmin
1 EDB exploit available
1 Nmap script available
9.3
CVSSv2
CVE-2009-1960
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also...
Dokuwiki
2 EDB exploits available
5
CVSSv2
CVE-2006-1909
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences....
Coppermine
Coppermine Photo Gallery
1 EDB exploit available
7.5
CVSSv2
CVE-2006-1819
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some...
Phpwebsite
6.4
CVSSv2
CVE-2006-1812
phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information....
Phpwebftp
6.4
CVSSv2
CVE-2006-1813
Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter....
Phpwebftp
4.3
CVSSv2
CVE-2011-4107
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external...
Phpmyadmin
1 EDB exploit available
2 Github repositories available
6.5
CVSSv2
CVE-2018-12712
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion....
Joomla
Joomla!
7.2
CVSSv2
CVE-2005-3339
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors....
Mantis
7.5
CVSSv2
CVE-2005-3336
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors....
Mantis
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-3864
CVE-2020-7000
node-key-sender
netease
CVE-2020-0796
arbitrary
CVE-2020-8637
client side
search meter project
CVE-2020-7622
autoyast2
CVE-2020-11547
CSRF
1
2
3
4
5
NEXT »
Vulmon