Vulnerabilities > Dflabs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-28 | CVE-2012-1415 | Cross-Site Request Forgery (CSRF) vulnerability in Dflabs PTK 1.0.5 Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout. | 6.8 |
2012-11-17 | CVE-2012-5902 | Cross-Site Scripting vulnerability in Dflabs PTK 1.0.5 Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter. | 4.3 |
2012-11-17 | CVE-2012-5901 | Permissions, Privileges, and Access Controls vulnerability in Dflabs PTK 1.0.5 DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory. | 5.0 |
2009-05-07 | CVE-2008-6793 | Improper Input Validation vulnerability in Dflabs PTK 0.1/0.2/1.0 The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | 6.8 |
2009-03-16 | CVE-2009-0918 | Remote Security vulnerability in PTK Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image. | 7.5 |
2009-03-16 | CVE-2009-0917 | Cross-Site Scripting vulnerability in Dflabs PTK Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. | 4.3 |