132 matches found

OSV
added 2020/03/30 1:15 p.m. | 3 views

CVE-2020-10560

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path combined with a weak cryptographic random value can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...

CVSS 5.9 | AI score 5.8 | EPSS 0.03797
Exploits: 1 | References: 2
OSV
added 2019/08/01 2:15 p.m. | 4 views

CVE-2018-20889

cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425)...

CVSS 4.4 | AI score 5.8
Exploits: 0 | References: 2
Tenable Nessus
added 2019/07/16 12:00 a.m. | 116 views

phpMyAdmin 4.0 < 4.8.5 Multiple Vulnerabilities (PMASA-2019-1), (PMASA-2019-2)

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.8.5. It is, therefore, affected by multiple vulnerabilities. - When the AllowArbitraryServer configuration option is set to true, an attacker using a rogue MySQL server can read any...

CVSS 9.8 | AI score 7.6 | EPSS 0.15586
Exploits: 0 | References: 4
OSV
added 2019/01/30 3:29 p.m. | 4 views

CVE-2018-19858

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF...

CVSS 8.6 | AI score 5.8 | EPSS 0.02597
Exploits: 1 | References: 3
NVD
added 2019/01/30 3:29 p.m. | 16 views

CVE-2018-19858

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF...

CVSS 8.6 | AI score 8.5 | EPSS 0.02597
Exploits: 1 | References: 3
Prion
added 2019/01/30 3:29 p.m. | 8 views

Design/Logic Flaw

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF...

CVSS 5 | AI score 8.4 | EPSS 0.02597
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2019/01/29 11:00 p.m. | 34 views

CVE-2018-19858

PrinceXML versions 10 and below are vulnerable to XXE due to missing protection against external entities. If an attacker supplies HTML referencing an XML file (for example via an IFRAME), PrinceXML will fetch and parse the XML, enabling file-read access and SSRF. No remediation details are provi...

CVSS 8.6 | AI score 8.4 | EPSS 0.02597
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2019/01/29 11:00 p.m. | 23 views

CVE-2018-19858

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF...

AI score 8.5 | EPSS 0.02597
Exploits: 1 | References: 3
Prion
added 2018/09/21 5:29 p.m. | 10 views

Code injection

gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup...

CVSS 2.1 | AI score 6.7 | EPSS 0.00419
Exploits: 0 | References: 3 | Affected Software: 1
seebug.org
added 2018/06/21 12:00 a.m. | 61 views

Unauthenticated Privileged Directory Traversal in IPConfigure Orchid Core VMS (CVE-2018-10956)

Affected Software: IPConfigure Orchid Core VMS, All versions 2.0.6, tested on Linux and Windows. Vulnerability: Unauthenticated Privileged Directory Traversal. CVE: CVE-2018-10956. Impact: Arbitrary File Read Access. Metasploit module:...

AI score 7.5 | EPSS 0.56318
Exploits: 6
IBM Security Bulletins
added 2018/06/15 11:52 p.m. | 37 views

Security Bulletin: A security vulnerability in IBM Liberty affects IBM Algo One Algo Risk Application (ARA) CVE-2017-1681

Summary: A security vulnerability in IBM Liberty affects IBM Algo One Algo Risk Application (ARA) (CVE-2017-1681). Vulnerability Details: CVEID: CVE-2017-1681. DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information,...

CVSS 3.3 | AI score 0.5 | EPSS 0.0035
Exploits: 0 | Affected Software: 1
OSV
added 2018/06/07 2:29 a.m. | 4 views

CVE-2018-3714

The node-srv node module suffers from a Path Traversal vulnerability due to a lack of validation of the url, which allows a malicious user to read the content of any file with a known path...

CVSS 6.5 | AI score 5.8 | EPSS 0.08632
Exploits: 1 | References: 1
seebug.org
added 2018/02/24 12:00 a.m. | 70 views

XXE Zeroday Vulnerability in HP PPM

Intro: XXE Zeroday Vulnerability in HP PPM. Researchers at Rhino Security Labs discovered an XXE vulnerability in the way HP Project and Portfolio Management Center (HP PPM) processed imported tickets. Specifically, an XML external entity injection vulnerability allows an attacker to exploit the...

AI score 7.9
Exploits: 0
NVD
added 2017/12/15 6:29 p.m. | 12 views

CVE-2017-14101

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable...

CVSS 9.8 | AI score 9.2 | EPSS 0.01438
Exploits: 0 | References: 1
Prion
added 2017/12/15 6:29 p.m. | 14 views

XXE

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable...

CVSS 5 | AI score 9 | EPSS 0.01438
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2017/12/15 6:29 p.m. | 4 views

CVE-2017-14101

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable...

CVSS 9.8 | AI score 5.9 | EPSS 0.01438
Exploits: 0 | References: 1
CVE
added 2017/12/15 6:00 p.m. | 44 views

CVE-2017-14101

Affected product/brand: Change Healthcare Conserus Image Repository archive solution (version 2.1.1.105). Vulnerability type: XML External Entity (XXE) injection. Root cause / vector: An unauthenticated user can send a modified HTTP SOAP request to the vulnerable service to trigger XXE behavior. Imp...

CVSS 9.8 | AI score 9 | EPSS 0.01438
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2017/12/15 6:00 p.m. | 17 views

CVE-2017-14101

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable...

AI score 9.2 | EPSS 0.01438
Exploits: 0 | References: 1
Cvelist
added 2017/09/29 8:00 p.m. | 33 views

CVE-2017-14947

Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."...

AI score 7.9 | EPSS 0.01233
Exploits: 3 | References: 1
Prion
added 2017/07/05 8:29 p.m. | 14 views

Design/Logic Flaw

In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image0000000000400000+0x000000000001b596."...

CVSS 6.8 | AI score 8 | EPSS 0.01268
Exploits: 0 | References: 1 | Affected Software: 1