6484 matches found
SAE Sina cloud after the end of an arbitrary file read vulnerability and fix-vulnerability warning-the black bar safety net
Describe: Sina SAE uses an unsafe third-party components, may result in any read after end of file Detailed description: http://pma.tools.sinaapp.com/ Is a mysql management client, using phpmyadmin, according to a recent 80sec in the tick published on phpmyadmin arbitrary file reading vulnerabili...
DEBIAN-CVE-2011-4107
The simplexmlloadstring function in the XML import plug-in libraries/import/xml.php in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity XXE injection...
phpMyAdmin Arbitrary File Read
Hi 80sec report this bug on wooyun,PhpMyadmin use a simplexmlloadstring function to read xml from user input,this may be exploied to read files from the server or network in libraries/import/xml.php,some code like this / Load the XML string The option LIBXMLCOMPACT is specified because it can...
ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)
Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command excution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...
ABUS TVIP 11550/21550 File Read / File Upload / Command Execution
Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command excution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...
ea-gBook <= 0.1.4 LFI Vulnerability - Active Check
ea-gBook is prone to local file inclusion LFI vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2009-5093
CVE-2009-5093 describes a directory traversal in Gastbuch (Gästebuch) 1.6 where an attacker can read arbitrary files by supplying a .. in the start parameter. The vulnerability affects gastbuch.php and stems from improper path handling, enabling remote access without authentication. Exploitation ...
CVE-2011-2178
CVE-2011-2178 affects libvirt (virSecurityManagerGetPrivateData in security/security_manager.c) from versions 0.8.8–0.9.1. The bug uses the wrong argument for a sizeof call, causing incorrect processing of security manager private data that reopens disk probing, which may allow guest OS users to ...
CiscoKits TFTP Directory Traversal
CiscoKits TFTP Server Directory Traversal Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1022 21/07/2011 Issue Discovered 03/08/2011 Vendor Notified Vendor Replied to Disclose 04/08/2011 Advisory Released Class: Information Disclosure Severity: Medium Overview:...
libsoup: SoupServer directory traversal flaw
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in a URI...
i-doit 'lang' Parameter Local File Include Vulnerability
I-doit is prone to local file inclusion vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ZyWALL USG Appliance Arbitrary File Read / Write
Advisory: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files, that are applied automatically. Details =======...
WordPress GRAND Flash Album Gallery Plugin Multiple Vulnerabilities
WordPress GRAND Flash Album Gallery Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2011-0751
Nostromo nhttpd (Nazgul Nostromo) versions up to 1.9.3 are vulnerable to CVE-2011-0751 due to improper validation of user-supplied paths, allowing directory traversal via encoded dot dot slash ("..%2f") in URIs and resulting in arbitrary file read or remote command execution. The issue affects th...
CVE-2010-4730
Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...
DEBIAN-CVE-2010-3316
The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...
Ubuntu: Security Advisory (USN-1008-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Update for pam MDVSA-2010:220 (pam)
Check for the Version of pam OpenVAS Vulnerability Test Mandriva Update for pam MDVSA-2010:220 pam Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
CVE-2010-3468
CVE-2010-3468 describes a directory traversal in Mura CMS (fileManager.cfc) that lets an attacker read arbitrary server files by manipulating the FILEID parameter in the default URI under tasks/render/file/. Affected are Mura CMS 5.1 prior to 5.1.498, 5.2 prior to 5.2.2809, and Sava CMS 5.x up to...
搜狗浏览器任意文件读取漏洞
搜狗浏览器设计时存在一些问题,结合一些其他漏洞,可能导致非法用户可以远程读取任意本地文件 搜狗浏览器使用本地的Html来开发一些一些功能,但是其中一个Html里存在着dom类型的xss漏洞,由于xss发生在本地所以可以获得本地的权限,利用javascript即可读取任意的本地文件 搜狗浏览器 2.0.0.1070 厂商补丁: sogou -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://ie.sogou.com/...