CVE-2018-0013 CVSS:0.0
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system. (Last Update:2018-01-10) (Publish Update:2018-01-10)
CVE-2017-1000454 CVSS:0.0
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 (Last Update:2018-01-02) (Publish Update:2018-01-02)
CVE-2017-1000192 CVSS:5.0
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information. (Last Update:2017-12-02) (Publish Update:2017-11-17)
CVE-2017-1000029 CVSS:5.0
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-15583 CVSS:5.0
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. (Last Update:2017-11-08) (Publish Update:2017-10-18)
CVE-2017-14509 CVSS:6.5
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue. (Last Update:2017-12-29) (Publish Update:2017-09-17)
CVE-2017-14404 CVSS:5.0
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. (Last Update:2017-09-18) (Publish Update:2017-09-12)
CVE-2017-11658 CVSS:5.0
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. (Last Update:2017-08-04) (Publish Update:2017-07-26)
CVE-2017-7282 CVSS:7.1
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). (Last Update:2017-04-24) (Publish Update:2017-04-19)
CVE-2017-6774 CVSS:4.0
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. (Last Update:2017-08-25) (Publish Update:2017-08-17)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com