Dflabs
Products
1- 6 CVEs
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6793 | 0.04 | — | 0.10 | May 7, 2009 | The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | ||
| CVE-2012-1415 | 0.03 | — | 0.00 | Dec 28, 2014 | Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout. | ||
| CVE-2012-5902 | 0.00 | — | 0.00 | Nov 17, 2012 | Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter. | ||
| CVE-2012-5901 | 0.00 | — | 0.00 | Nov 17, 2012 | DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory. | ||
| CVE-2009-0918 | 0.00 | — | 0.02 | Mar 16, 2009 | Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image. | ||
| CVE-2009-0917 | 0.00 | — | 0.02 | Mar 16, 2009 | Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet." |
- CVE-2008-6793May 7, 2009risk 0.04cvss —epss 0.10
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
- CVE-2012-1415Dec 28, 2014risk 0.03cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
- CVE-2012-5902Nov 17, 2012risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
- CVE-2012-5901Nov 17, 2012risk 0.00cvss —epss 0.00
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
- CVE-2009-0918Mar 16, 2009risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
- CVE-2009-0917Mar 16, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."