Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13175 | 1 Teradici | 2 Cloud Access Connector, Cloud Access Connector Legacy | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. | |||||
| CVE-2013-1945 | 1 Ruby-lang | 1 Ruby193 | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| ruby193 uses an insecure LD_LIBRARY_PATH setting. | |||||
| CVE-2013-4582 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. | |||||
| CVE-2019-11742 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | |||||
| CVE-2012-4919 | 1 Gallery Project | 1 Gallery | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability | |||||
| CVE-2019-8154 | 1 Magento | 1 Magento | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update. | |||||
| CVE-2013-3321 | 1 Netapp | 1 Oncommand System Manager | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
| NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | |||||
| CVE-2019-17014 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | 7.4 HIGH |
| If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71. | |||||
| CVE-2019-4263 | 1 Ibm | 1 Content Navigator | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. | |||||
| CVE-2019-11591 | 1 Web-dorado | 1 Contact Form | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
| CVE-2019-15839 | 1 Shaosina | 1 Sina Extension For Elementor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | |||||
| CVE-2019-11590 | 1 10web | 1 Form Maker | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
| CVE-2019-5479 | 1 Larvit | 1 Larvitbase | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). | |||||
| CVE-2019-13589 | 1 Anjlab | 1 Paranoid2 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5. | |||||
| CVE-2018-17246 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | |||||
| CVE-2018-18387 | 1 Playsms Project | 1 Playsms | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. | |||||
| CVE-2018-15486 | 1 Kone | 2 Group Controller, Group Controller Firmware | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. | |||||
| CVE-2018-8351 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | |||||
| CVE-2018-12120 | 1 Nodejs | 1 Node.js | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable. | |||||
| CVE-2018-7422 | 1 Siteeditor | 1 Site Editor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal. | |||||