Lucene search
+L

522 matches found

CNVD
CNVD
added 2019/10/16 12:0 a.m.5 views

cPanel Input Validation Error Vulnerability (CNVD-2019-36145)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An Access Control Error vulnerability exists in versions of cPanel prior to 11.54.0.4. An attacker can exploit the vulnerability ...

6.5CVSS6.7AI score0.01095EPSS
Exploits0References1
Veracode
Veracode
added 2019/09/26 5:2 a.m.24 views

Arbitrary File Read

github.com/opencontainers/runc is vulnerable to arbitrary file read. The vulnerability exists as the AppAmor restrictions can be bypassed due to incorrect mount targets check, allowing a malicious Docker image to be mounted over a /proc directory...

7.5CVSS3.6AI score0.04409EPSS
Exploits1References20Affected Software3
Cvelist
Cvelist
added 2019/09/20 7:13 p.m.38 views

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

7.5AI score0.01867EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2019/09/09 3:58 p.m.281 views

Exploit for Path Traversal in Ivanti Connect_Secure

pwn-pulse.sh Exploit for Pulse Connect Secure SSL VPN arbitr...

10CVSS9.2AI score0.99999EPSS
Exploits22
Positive Technologies
Positive Technologies
added 2019/08/15 12:0 a.m.7 views

PT-2019-9040 · Clickhouse · Clickhouse Mysql Client

Name of the Vulnerable Software and Affected Versions: ClickHouse MySQL client versions prior to 1.1.54390 Description: The issue concerns the "LOAD DATA LOCAL INFILE" functionality in the ClickHouse MySQL client, which was enabled and allowed a malicious MySQL database to read arbitrary files fr...

7.5CVSS7.3AI score0.01711EPSS
Exploits0References8
OSV
OSV
added 2019/08/02 5:15 p.m.5 views

CVE-2017-18448

cPanel before 64.0.21 allows certain file-read operations via a Serverinfomanpage API call SEC-252...

5.3CVSS5.8AI score0.01167EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/08/01 4:35 p.m.17 views

CVE-2016-10829

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error SEC-99...

6.6AI score0.01029EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/09 12:0 a.m.4 views

JetBrains TeamCity File Read Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A file read vulnerability exists in JetBrains...

4.3CVSS6.9AI score0.00771EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/26 12:0 a.m.7 views

ABB HMI Hardcoded Credentials File Read Vulnerability

ABB PB610 is a software from ABB Switzerland for designing graphical user interfaces for the CP600 control panel platform. A file read vulnerability exists in ABB HMI Hardcoded Credentials, which can be exploited by an attacker to read or write to the HMI configuration file and reset the device...

8.8CVSS6.8AI score0.02895EPSS
Exploits1References1
CNVD
CNVD
added 2019/04/15 12:0 a.m.3 views

PHPSHE Mall System has XML External Entity Injection Vulnerability

PHPSHE mall system is a combination of product display, online shopping, order management, payment management, article management, customer consultation feedback and other functions, providing users with online shopping mall construction program. PHPSHE mall system exists XML external entity...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/03/25 12:0 a.m.33 views

Debian DSA-4415-1 : passenger - security update

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed...

4.7CVSS5.8AI score0.00358EPSS
Exploits0References5
OSV
OSV
added 2019/03/23 10:57 a.m.3 views

OPENSUSE-SU-2019:0194-1 Security update for phpMyAdmin

This update for phpMyAdmin to version 4.8.5 fixes the following issues: Security issues fixed: - CVE-2019-6799: Fixed an arbitrary file read vulnerability boo1123272 - CVE-2019-6798: Fixed a SQL injection in the designer interface boo1123271 Other changes: Fix rxport to SQL format not available F...

9.8CVSS8.1AI score0.15407EPSS
Exploits0References5
CVE
CVE
added 2019/02/17 3:0 a.m.44 views

CVE-2019-8389

The CVE-2019-8389 issue affects Musicloud 1.6, where the Wi‑Fi transfer feature runs a service on port 8080 accessible to any device on the same network. Affected component is the download.script endpoint, which processes POST parameters downfiles and cur-folder. A crafted ../ payload enables an ...

8.1CVSS7.8AI score0.01459EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/02/17 3:0 a.m.26 views

CVE-2019-8389

A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder with a crafted ../ payload...

7.9AI score0.01459EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/02/11 12:0 a.m.101 views

Fedora 28 : phpMyAdmin (2019-6cfd17b03d)

Upstream announcement: Security fix: phpMyAdmin 4.8.5 is released The phpMyAdmin team announces the release of phpMyAdmin version 4.8.5. Among other bug fixes, this contains several important security fixes. Upgrading is highly recommended for all users. The security fixes involve : - Arbitrary...

9.8CVSS8.4AI score0.03881EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/02/11 12:0 a.m.44 views

Fedora 29 : phpMyAdmin (2019-09ae31d880)

Upstream announcement: Security fix: phpMyAdmin 4.8.5 is released The phpMyAdmin team announces the release of phpMyAdmin version 4.8.5. Among other bug fixes, this contains several important security fixes. Upgrading is highly recommended for all users. The security fixes involve : - Arbitrary...

9.8CVSS8.4AI score0.03881EPSS
Exploits0References2
CNVD
CNVD
added 2019/01/21 12:0 a.m.2 views

Arbitrary File Deletion, File Read Vulnerability in Ectouch WechatController Backend

ECTouch is a mobile mall online store system launched by Shanghai Shangchuang Network Technology Co. Ectouch WechatController backend exists arbitrary file deletion, file reading vulnerability. Attackers can use the vulnerability to reinstall the system and obtain configuration files...

7AI score
Exploits0
CNVD
CNVD
added 2018/12/26 12:0 a.m.5 views

S-CMS File Read Vulnerability

S-CMS is a content management system CMS based on PHP and MySQL. A file read vulnerability exists in the admin/download.php file in S-CMS version 1.0, which can be exploited by an attacker to read files with the help of the 'DownName' parameter...

7.5CVSS6.8AI score0.01208EPSS
Exploits1References1
CVE
CVE
added 2018/12/25 9:0 p.m.283 views

CVE-2018-20463

Summary: CVE-2018-20463 affects WordPress- JSmol2WP plugin,

7.5CVSS7.4AI score0.13078EPSS
Exploits2References2Affected Software1
0day.today
0day.today
added 2018/12/22 12:0 a.m.35 views

Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit

Exploit for windows platform in category local exploits The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while...

0.1AI score
Exploits0
Rows per page
Query Builder