522 matches found
cPanel Input Validation Error Vulnerability (CNVD-2019-36145)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An Access Control Error vulnerability exists in versions of cPanel prior to 11.54.0.4. An attacker can exploit the vulnerability ...
Arbitrary File Read
github.com/opencontainers/runc is vulnerable to arbitrary file read. The vulnerability exists as the AppAmor restrictions can be bypassed due to incorrect mount targets check, allowing a malicious Docker image to be mounted over a /proc directory...
CVE-2019-15138
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...
Exploit for Path Traversal in Ivanti Connect_Secure
pwn-pulse.sh Exploit for Pulse Connect Secure SSL VPN arbitr...
PT-2019-9040 · Clickhouse · Clickhouse Mysql Client
Name of the Vulnerable Software and Affected Versions: ClickHouse MySQL client versions prior to 1.1.54390 Description: The issue concerns the "LOAD DATA LOCAL INFILE" functionality in the ClickHouse MySQL client, which was enabled and allowed a malicious MySQL database to read arbitrary files fr...
CVE-2017-18448
cPanel before 64.0.21 allows certain file-read operations via a Serverinfomanpage API call SEC-252...
CVE-2016-10829
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error SEC-99...
JetBrains TeamCity File Read Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A file read vulnerability exists in JetBrains...
ABB HMI Hardcoded Credentials File Read Vulnerability
ABB PB610 is a software from ABB Switzerland for designing graphical user interfaces for the CP600 control panel platform. A file read vulnerability exists in ABB HMI Hardcoded Credentials, which can be exploited by an attacker to read or write to the HMI configuration file and reset the device...
PHPSHE Mall System has XML External Entity Injection Vulnerability
PHPSHE mall system is a combination of product display, online shopping, order management, payment management, article management, customer consultation feedback and other functions, providing users with online shopping mall construction program. PHPSHE mall system exists XML external entity...
Debian DSA-4415-1 : passenger - security update
An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed...
OPENSUSE-SU-2019:0194-1 Security update for phpMyAdmin
This update for phpMyAdmin to version 4.8.5 fixes the following issues: Security issues fixed: - CVE-2019-6799: Fixed an arbitrary file read vulnerability boo1123272 - CVE-2019-6798: Fixed a SQL injection in the designer interface boo1123271 Other changes: Fix rxport to SQL format not available F...
CVE-2019-8389
The CVE-2019-8389 issue affects Musicloud 1.6, where the Wi‑Fi transfer feature runs a service on port 8080 accessible to any device on the same network. Affected component is the download.script endpoint, which processes POST parameters downfiles and cur-folder. A crafted ../ payload enables an ...
CVE-2019-8389
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder with a crafted ../ payload...
Fedora 28 : phpMyAdmin (2019-6cfd17b03d)
Upstream announcement: Security fix: phpMyAdmin 4.8.5 is released The phpMyAdmin team announces the release of phpMyAdmin version 4.8.5. Among other bug fixes, this contains several important security fixes. Upgrading is highly recommended for all users. The security fixes involve : - Arbitrary...
Fedora 29 : phpMyAdmin (2019-09ae31d880)
Upstream announcement: Security fix: phpMyAdmin 4.8.5 is released The phpMyAdmin team announces the release of phpMyAdmin version 4.8.5. Among other bug fixes, this contains several important security fixes. Upgrading is highly recommended for all users. The security fixes involve : - Arbitrary...
Arbitrary File Deletion, File Read Vulnerability in Ectouch WechatController Backend
ECTouch is a mobile mall online store system launched by Shanghai Shangchuang Network Technology Co. Ectouch WechatController backend exists arbitrary file deletion, file reading vulnerability. Attackers can use the vulnerability to reinstall the system and obtain configuration files...
S-CMS File Read Vulnerability
S-CMS is a content management system CMS based on PHP and MySQL. A file read vulnerability exists in the admin/download.php file in S-CMS version 1.0, which can be exploited by an attacker to read files with the help of the 'DownName' parameter...
CVE-2018-20463
Summary: CVE-2018-20463 affects WordPress- JSmol2WP plugin,
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit
Exploit for windows platform in category local exploits The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while...