# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
24751 |
CVE-2017-5556 |
125 |
|
DoS Exec Code |
2017-01-23 |
2017-01-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. |
24752 |
CVE-2017-5553 |
79 |
|
XSS |
2017-01-23 |
2017-01-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL. |
24753 |
CVE-2017-5552 |
772 |
|
DoS |
2017-03-15 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. |
24754 |
CVE-2017-5551 |
|
|
+Priv |
2017-02-06 |
2019-10-02 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. |
24755 |
CVE-2017-5550 |
200 |
|
+Info |
2017-02-06 |
2017-02-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. |
24756 |
CVE-2017-5549 |
532 |
|
+Info |
2017-02-06 |
2018-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. |
24757 |
CVE-2017-5545 |
125 |
|
DoS +Info |
2017-01-20 |
2017-01-26 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. |
24758 |
CVE-2017-5542 |
79 |
|
XSS |
2017-01-20 |
2017-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter. |
24759 |
CVE-2017-5541 |
22 |
|
Dir. Trav. |
2017-01-20 |
2017-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters. |
24760 |
CVE-2017-5537 |
200 |
|
+Info |
2017-03-15 |
2017-03-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests. |
24761 |
CVE-2017-5536 |
79 |
|
XSS CSRF |
2018-05-01 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. |
24762 |
CVE-2017-5535 |
326 |
|
|
2018-05-01 |
2019-10-09 |
4.3 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
None |
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. |
24763 |
CVE-2017-5533 |
|
|
|
2017-11-15 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0. |
24764 |
CVE-2017-5532 |
79 |
|
XSS |
2017-11-15 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below. |
24765 |
CVE-2017-5531 |
|
|
|
2017-10-17 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications. |
24766 |
CVE-2017-5530 |
|
|
|
2017-12-12 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0. |
24767 |
CVE-2017-5529 |
200 |
|
+Info |
2017-06-29 |
2018-10-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below). |
24768 |
CVE-2017-5528 |
352 |
|
XSS CSRF |
2017-06-29 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below). |
24769 |
CVE-2017-5527 |
89 |
|
Sql |
2017-05-09 |
2017-05-22 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. |
24770 |
CVE-2017-5526 |
772 |
|
DoS |
2017-03-15 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. |
24771 |
CVE-2017-5525 |
772 |
|
DoS |
2017-03-15 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. |
24772 |
CVE-2017-5524 |
134 |
|
Bypass +Info |
2017-03-23 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. |
24773 |
CVE-2017-5521 |
200 |
|
+Info |
2017-01-17 |
2017-08-31 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. |
24774 |
CVE-2017-5520 |
434 |
|
|
2017-01-17 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. |
24775 |
CVE-2017-5518 |
918 |
|
|
2017-01-17 |
2017-01-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. |
24776 |
CVE-2017-5516 |
79 |
|
XSS |
2017-01-17 |
2017-01-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. |
24777 |
CVE-2017-5515 |
79 |
|
XSS |
2017-01-17 |
2017-01-23 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. |
24778 |
CVE-2017-5510 |
787 |
|
|
2017-03-24 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. |
24779 |
CVE-2017-5509 |
787 |
|
|
2017-03-24 |
2017-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. |
24780 |
CVE-2017-5508 |
119 |
|
DoS Overflow |
2017-03-24 |
2017-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. |
24781 |
CVE-2017-5506 |
415 |
|
|
2017-03-24 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. |
24782 |
CVE-2017-5505 |
119 |
|
DoS Overflow |
2017-03-16 |
2017-03-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. |
24783 |
CVE-2017-5504 |
125 |
|
DoS |
2017-03-01 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image. |
24784 |
CVE-2017-5503 |
787 |
|
DoS |
2017-03-01 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image. |
24785 |
CVE-2017-5502 |
|
|
DoS |
2017-03-01 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
24786 |
CVE-2017-5501 |
190 |
|
DoS Overflow |
2017-03-01 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. |
24787 |
CVE-2017-5500 |
|
|
DoS |
2017-03-01 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
24788 |
CVE-2017-5499 |
190 |
|
DoS Overflow |
2017-03-01 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file. |
24789 |
CVE-2017-5498 |
|
|
DoS |
2017-03-01 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
24790 |
CVE-2017-5496 |
200 |
|
+Info |
2017-03-15 |
2017-08-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash. |
24791 |
CVE-2017-5494 |
79 |
|
XSS |
2017-01-15 |
2017-01-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. |
24792 |
CVE-2017-5493 |
338 |
|
Bypass |
2017-01-14 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. |
24793 |
CVE-2017-5492 |
352 |
|
CSRF |
2017-01-14 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. |
24794 |
CVE-2017-5491 |
1188 |
|
Bypass |
2017-01-14 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. |
24795 |
CVE-2017-5490 |
79 |
|
XSS |
2017-01-14 |
2017-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. |
24796 |
CVE-2017-5489 |
352 |
|
CSRF |
2017-01-14 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. |
24797 |
CVE-2017-5488 |
79 |
|
XSS |
2017-01-14 |
2017-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. |
24798 |
CVE-2017-5487 |
200 |
|
+Info |
2017-01-14 |
2017-08-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. |
24799 |
CVE-2017-5481 |
200 |
|
+Priv +Info |
2017-05-03 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. |
24800 |
CVE-2017-5480 |
22 |
|
Dir. Trav. |
2017-01-15 |
2017-01-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter. |