cbcvebase.

Dflabs Ptk vulnerabilities

6 known vulnerabilities affecting dflabs/ptk.

Total CVEs
6
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2008-6793P3MEDIUMCVSS 6.8PoCv0.1v0.2+1 more2009-05-07
CVE-2008-6793 [MEDIUM] CWE-20 CVE-2008-6793: The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote att The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
nvd
CVE-2012-1415P4MEDIUMCVSS 6.8PoC≤ 1.0.52014-12-28
CVE-2012-1415 [MEDIUM] CWE-352 CVE-2012-1415: Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier al Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
nvd
CVE-2009-0918P3HIGHCVSS 7.5v1.0.0v1.0.1+3 more2009-03-16
CVE-2009-0918 [HIGH] CVE-2009-0918: Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to exe Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
nvd
CVE-2012-5901P4MEDIUMCVSS 5.0v1.0.52012-11-17
CVE-2012-5901 [MEDIUM] CWE-264 CVE-2012-5901: DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insuffici DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
nvd
CVE-2009-0917P4MEDIUMCVSS 4.3v1.0.0v1.0.1+3 more2009-03-16
CVE-2009-0917 [MEDIUM] CWE-79 CVE-2009-0917: Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers t Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from
nvd
CVE-2012-5902P4MEDIUMCVSS 4.3v1.0.52012-11-17
CVE-2012-5902 [MEDIUM] CWE-79 CVE-2012-5902: Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows re Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
nvd
Dflabs Ptk vulnerabilities | cvebase