Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
CVSS Score
6.8
EPSS Score
0.002
Published
2014-12-28
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
CVSS Score
5.0
EPSS Score
0.003
Published
2012-11-17
Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-11-17