SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via coreadminmodulesdevelopermodulesdesignerform-create.php. The attacker creates a crafted table name...
Read MoreDirectory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
Read MoreA directory traversal vulnerability exists in coreadminajaxdeveloperextensionsfile-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via .. sequences in the directory...
Read MoreA cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
Read MoreDirectory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.
Read More