CVE-2017-7282 CVSS:7.1
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). (Last Update:2017-04-24) (Publish Update:2017-04-19)
CVE-2017-6325 CVSS:0.0
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. (Last Update:2017-06-26) (Publish Update:2017-06-26)
CVE-2017-5595 CVSS:2.1
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. (Last Update:2017-02-16) (Publish Update:2017-02-06)
CVE-2016-10085 CVSS:6.5
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter. (Last Update:2017-01-03) (Publish Update:2016-12-30)
CVE-2016-10084 CVSS:6.5
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). (Last Update:2017-01-03) (Publish Update:2016-12-30)
CVE-2016-10082 CVSS:7.5
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file. (Last Update:2017-01-03) (Publish Update:2016-12-30)
CVE-2016-10039 CVSS:7.5
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. (Last Update:2016-12-29) (Publish Update:2016-12-24)
CVE-2016-10038 CVSS:7.5
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. (Last Update:2016-12-29) (Publish Update:2016-12-24)
CVE-2016-10037 CVSS:7.5
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. (Last Update:2016-12-30) (Publish Update:2016-12-24)
CVE-2016-4806 CVSS:5.0
Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a user with malicious intent to read/access sensitive web server files. (Last Update:2017-01-19) (Publish Update:2017-01-11)
This vulnerability list widget is provided by www.cvedetails.com