Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dflabs Subscribe
Filtered by product Ptk
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6793 1 Dflabs 1 Ptk 2018-10-11 6.8 MEDIUM N/A
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
CVE-2012-5901 1 Dflabs 1 Ptk 2017-08-28 5.0 MEDIUM N/A
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
CVE-2012-5902 1 Dflabs 1 Ptk 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
CVE-2009-0917 1 Dflabs 1 Ptk 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."
CVE-2009-0918 1 Dflabs 1 Ptk 2017-08-16 7.5 HIGH N/A
Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
CVE-2012-1415 1 Dflabs 1 Ptk 2014-12-29 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.