522 matches found
CVE-2022-23621
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR for example xwiki.cfg and xwiki.properties through XWikiinvokeServletAndReturnAsString as...
CVE-2022-23316
taoCMS v3.0.2 contains an arbitrary file read vulnerability in the admin download path. The issue can be exploited via admin.php?action=file&ctrl=download&path=../../1.txt to read arbitrary files, indicating a path-traversal flaw in the file download handler. Impact centers on confidentiality (re...
CVE-2021-44351
CVE-2021-44351 affects NavigateCMS 2.9. The vulnerability is an arbitrary file read via /navigate/navigate_download.php id parameter due to improper validation in the navigate_download.php handler. The root cause is insufficient input validation of the id parameter in that file, enabling an attac...
TermTalk Server 3.24.0.2 Arbitrary File Read
Exploit Title: TermTalk Server 3.24.0.2 - Arbitrary File Read Unauthenticated Date: 03/01/2022 Exploit Author: Fabiano Golluscio @ Swascan Vendor Homepage: https://www.solari.it/it/ Software Link: https://www.solari.it/it/solutions/other-solutions/access-control/ Version: 3.24.0.2 Fixed Version:...
CVE-2021-44674
CVE-2021-44674 affects Opmantek Open-AudIT 4.2.0. The vulnerability is an information exposure via a path traversal issue that allows an authenticated attacker to read files outside of restricted directories. The NVD entry notes network access with low attack complexity and the ability to read re...
Exploit for CVE-2021-43008
CVE-2021-43008 - AdminerRead Exploit tool for Adminer 1...
Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation LPE on vulnerable systems. Tracked as CVE-2021-24084 CVSS score: 5.5, the flaw concerns an information disclosure...
The vulnerability of the “BKBCopyD.exe” service in Yokogawa’s software products allows a hacker to read arbitrary files using the RETR operation, write to arbitrary files using the STOR operation, or obtain confidential database location information using the PMODE operation.
The vulnerability of the “BKBCopyD.exe” service in Yokogawa’s software products is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the RETR operation, write to arbitrary files using the STOR operation, or obtain...
Fortinet FortiPortal代码问题漏洞
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for use by MSPs. The vulnerability stems from an improper restriction of the XML external entity...
CVE-2021-32833 Unauthenticated file read in Emby Server
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are...
Information disclosure
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure...
CVE-2021-22022
Summary (CVE-2021-22022) : VMware vRealize Operations Manager API (versions 8.x before 8.5) contains an arbitrary file read vulnerability. An attacker with administrative access to the vROps API can read arbitrary files on the server, causing information disclosure. The issue is tied to the vROps...
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
CVE-2021-26085
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3...
CVE-2021-33184
Server-Side request forgery SSRF vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors...
Arbitrary File Read Vulnerability in H3C SecPath ACG1000
The H3C SecPath ACG1000 is a next-generation application control gateway. An arbitrary file read vulnerability exists in the H3C SecPath ACG1000. An attacker can exploit the vulnerability to read arbitrary files...
Sifchain: Path Transversal inside saveContracts.js
Reference: https://portswigger.net/web-security/file-path-traversal Directory traversal also known as file path traversal is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data,...
Arbitrary File Read Vulnerability in BlueLine's New Generation Digital OA (Large and Medium Enterprises) EKP
Shenzhen BlueLine Software Co., Ltd. is a well-known large-platform OA service provider and a leading knowledge management solution provider in China, which is a national high-tech enterprise specializing in knowledge-based consulting, software R&D, implementation and technical services for...
Arbitrary File Read Vulnerability in Dahua In-vehicle Integrated Management Platform of Zhejiang Huaruijie Technology Co.
Ltd. is a subsidiary of Zhejiang Dahua Technology Co., Ltd. and the company's business scope: technical services, technology development, manufacturing of automobile parts and accessories; wholesale of automobiles and spare parts; retail of automobile parts and accessories; manufacturing of...
蓝凌OA前台任意文件读取漏洞
...