Lucene search
+L

522 matches found

CVE
CVE
added 2018/12/13 7:0 p.m.206 views

CVE-2018-19039

Grafana CVE-2018-19039 affects Grafana before 4.6.5 and 5.x before 5.3.3, allowing remote authenticated users with Editor or Admin perms to read arbitrary files. Root cause is a file-read exposure via dashboards/editors. Upgrading to Grafana 4.6.5 or 5.3.3+ mitigates the issue; check vendor advis...

6.5CVSS6.3AI score0.0728EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2018/11/29 9:0 p.m.22 views

CVE-2018-19748

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded note that base64 encoding, instead of URL encoding, is very rare in a...

7.6AI score0.02024EPSS
Exploits1References2
CNVD
CNVD
added 2018/11/28 12:0 a.m.3 views

Huawei Cloud RDS service suffers from arbitrary file read vulnerability

Huawei Cloud RDS Service is a specialized high-performance and highly reliable cloud database service provided by Huawei Technologies Co. An arbitrary file read vulnerability exists in Huawei Cloud RDS Service, which can be exploited by an attacker to read arbitrary files...

6.8AI score
Exploits0
Prion
Prion
added 2018/10/11 9:1 p.m.14 views

Design/Logic Flaw

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...

7.5CVSS9.6AI score0.01489EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/08/27 2:0 p.m.59 views

CVE-2018-15697

ASUSTOR Data Master (ADM) prior to version 3.1.6 is affected by CVE-2018-15697. Authenticated non-administrative users can read any file on a shared NAS by supplying the full path in the request (example: /home/admin/.ash_history). The issue stems from a file-disclosure vulnerability in ADM 3.1.5...

6.5CVSS6.6AI score0.00907EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2018/07/24 12:0 a.m.106 views

Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS5.4AI score0.86641EPSS
Exploits8References1
CVE
CVE
added 2018/07/05 4:0 p.m.56 views

CVE-2018-3766

The CVE-2018-3766 issue affects the buttle module for Node.js, where versions

7.5CVSS7.3AI score0.01918EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/07/04 12:0 a.m.3 views

OneFileCMS Information Disclosure Vulnerability

OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS 2017-10-08 and earlier versions. An attacker can exploit the...

9.8CVSS9.3AI score0.01431EPSS
Exploits0References1
OSV
OSV
added 2018/06/07 2:29 a.m.3 views

CVE-2018-3724

general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path...

7.5CVSS5.8AI score0.01764EPSS
Exploits1References1
Circl
Circl
added 2018/05/29 3:50 p.m.4 views

CVE-2015-9538

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpnextgengalleyfileread.rb 2024-02-28 10:41:08+00:00| seen| https://t.me/ctinow/195303 2025-10-23 21:12:58+00:00| seen|...

6.5CVSS6.4AI score0.10118EPSS
Exploits1References2
CNVD
CNVD
added 2018/04/27 12:0 a.m.4 views

Arbitrary file read vulnerability in cms made simple backend for normal users

CMS Made Simple is an open source content management system. It is built using PHP and Smarty Engine , which separates content , functionality and templates . cms made simple version 2.2.7 version of the background for file preview there is an arbitrary file read vulnerability , an attacker can...

7AI score
Exploits0
CVE
CVE
added 2017/12/19 3:0 p.m.51 views

CVE-2017-16786

The CVE-2017-16786 issue affects Meinberg LANTIME Web Configuration Utility on devices with firmware prior to 6.24.004. The vulnerability allows remote, authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2, or (2) vect...

6.8CVSS6.2AI score0.02012EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/12/04 8:29 a.m.15 views

Arbitrary file deletion

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $GET'src' or $GET'name'...

7.8CVSS7.5AI score0.01705EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/11/13 3:0 a.m.62 views

CVE-2017-13801

CVE-2017-13801 affects macOS High Sierra before 10.13.1, specifically the Dictionary Widget. The vulnerability arises from a validation issue in the Dictionary Widget component that allows an attacker to read local files when pasted text is used as a search query. Impact is local information disc...

3.3CVSS4.6AI score0.00303EPSS
Exploits0References2Affected Software1
exploitpack
exploitpack
added 2017/11/13 12:0 a.m.102 views

Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload

Web Viewer 1.0.0.193 Samsung SRN-1670D - Unrestricted File Upload Exploit Title: Unrestricted file upload vulnerability - Web Viewer 1.0.0.193 on Samsung SRN-1670D Date: 2017-06-19 Exploit Author: Omar MEZRAG - 0xFFFFFF / www.realistic-security.com Vendor Homepage: https://www.hanwhasecurity.com...

6.5CVSS0.6AI score0.51379EPSS
Exploits7
NVD
NVD
added 2017/11/06 8:29 a.m.21 views

CVE-2017-16524

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

8.8CVSS8.6AI score0.30296EPSS
Exploits7References2
Prion
Prion
added 2017/11/06 8:29 a.m.16 views

Unrestricted file upload

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

6.5CVSS8.5AI score0.51379EPSS
Exploits7References2Affected Software1
Cvelist
Cvelist
added 2017/11/06 8:0 a.m.29 views

CVE-2017-16524

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

8.7AI score0.30296EPSS
Exploits7References2
CVE
CVE
added 2017/10/31 2:0 p.m.65 views

CVE-2017-3934

CVE-2017-3934 affects McAfee Network Data Loss Prevention (NDLP) server v9.3.x. The vulnerability is due to missing HTTP Strict Transport Security (HSTS) state, enabling MITM attackers to access confidential data by reading files on the web server. Descriptions in connected CNVD/NVD entries corro...

5.9CVSS5.4AI score0.00991EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/10/27 12:0 a.m.11 views

WordPress Job Manager Plugin File Read Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Job Manager is one of the task manager plugin. A file read vulnerability exists in versions of the WordPress Job...

7.5CVSS7.3AI score0.10031EPSS
Exploits1References1
Rows per page
Query Builder