522 matches found
Unauthorized Arbitrary File Read Vulnerability in jeewms
jeewms is a JAVA-based warehouse management system . jeewms has an unauthorized arbitrary file read vulnerability that can be exploited by an attacker to read any file on the server without authorization...
File Read Vulnerability in e-cology of Shanghai Panavision Networks Technology Co.
e-cology is a collaboration platform. Ltd. e-cology has a file read vulnerability that can be exploited by an attacker to obtain sensitive information such as website configuration...
CVE-2020-4344
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
Design/Logic Flaw
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js...
CVE-2020-3452 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability i...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
PoC exploit for CVE-2020-5902, a vulnerability in F5 Networks BIG-IP TMUI web interface. The exploit targets a remote command execution vulnerability in the 'tmui/login.jsp' endpoint, allowing an attacker to read arbitrary files on the system. The vulnerability is exploited by sending a specially...
CVE-2020-4075
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling event.preventDefault on all new-window events where the url or options is not...
File Read Vulnerability in OM Web Video Conferencing System
The video conferencing system is a real-time interactive online meeting system. A file read vulnerability exists in OM Web Video Conferencing System, which can be exploited by attackers to obtain sensitive information...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Spectrum Protect Plus (CVE-2020-1938)
Summary An Apache Tomcat vulnerability which could allow a remote attacker to execute arbitrary code on the system affects IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
GHSA-4VJ3-F849-5R48 Arbitrary File Read in Snyk Broker
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths...
GitLab: Use of Ruby Forwardable module and runtime meta-programming may introduce vulnerabilities
I was digging through the gitlab-foss repository and noticed an interested pattern that seems to be adopted in a few places: the use of Forwardable with meta-programming over delegators, explicit attrreader methods or methodmissing. Heads up: the arbitrary file read vulnerability I demonstrate in...
CVE-2017-18769
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50,...
CVE-2017-18847
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.1001.0.82, R8500 before 1.0.2.1001.0.82, and D8500 before 1.0.3.29...
CVE-2017-18847
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.1001.0.82, R8500 before 1.0.2.1001.0.82, and D8500 before 1.0.3.29...
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...
CVE-2020-10560
OSSN prior to 5.3 is vulnerable to an unauthenticated arbitrary file read. A user-controlled file path combined with a weak cryptographic SiteKey can be brute-forced to craft a URL that targets components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php, allowing reading arbitrary ...
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...