522 matches found
CVE-2018-19039
Grafana CVE-2018-19039 affects Grafana before 4.6.5 and 5.x before 5.3.3, allowing remote authenticated users with Editor or Admin perms to read arbitrary files. Root cause is a file-read exposure via dashboards/editors. Upgrading to Grafana 4.6.5 or 5.3.3+ mitigates the issue; check vendor advis...
CVE-2018-19748
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded note that base64 encoding, instead of URL encoding, is very rare in a...
Huawei Cloud RDS service suffers from arbitrary file read vulnerability
Huawei Cloud RDS Service is a specialized high-performance and highly reliable cloud database service provided by Huawei Technologies Co. An arbitrary file read vulnerability exists in Huawei Cloud RDS Service, which can be exploited by an attacker to read arbitrary files...
Design/Logic Flaw
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...
CVE-2018-15697
ASUSTOR Data Master (ADM) prior to version 3.1.6 is affected by CVE-2018-15697. Authenticated non-administrative users can read any file on a shared NAS by supplying the full path in the request (example: /home/admin/.ash_history). The issue stems from a file-disclosure vulnerability in ADM 3.1.5...
Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-3766
The CVE-2018-3766 issue affects the buttle module for Node.js, where versions
OneFileCMS Information Disclosure Vulnerability
OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS 2017-10-08 and earlier versions. An attacker can exploit the...
CVE-2018-3724
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path...
CVE-2015-9538
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpnextgengalleyfileread.rb 2024-02-28 10:41:08+00:00| seen| https://t.me/ctinow/195303 2025-10-23 21:12:58+00:00| seen|...
Arbitrary file read vulnerability in cms made simple backend for normal users
CMS Made Simple is an open source content management system. It is built using PHP and Smarty Engine , which separates content , functionality and templates . cms made simple version 2.2.7 version of the background for file preview there is an arbitrary file read vulnerability , an attacker can...
CVE-2017-16786
The CVE-2017-16786 issue affects Meinberg LANTIME Web Configuration Utility on devices with firmware prior to 6.24.004. The vulnerability allows remote, authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2, or (2) vect...
Arbitrary file deletion
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $GET'src' or $GET'name'...
CVE-2017-13801
CVE-2017-13801 affects macOS High Sierra before 10.13.1, specifically the Dictionary Widget. The vulnerability arises from a validation issue in the Dictionary Widget component that allows an attacker to read local files when pasted text is used as a search query. Impact is local information disc...
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
Web Viewer 1.0.0.193 Samsung SRN-1670D - Unrestricted File Upload Exploit Title: Unrestricted file upload vulnerability - Web Viewer 1.0.0.193 on Samsung SRN-1670D Date: 2017-06-19 Exploit Author: Omar MEZRAG - 0xFFFFFF / www.realistic-security.com Vendor Homepage: https://www.hanwhasecurity.com...
CVE-2017-16524
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...
Unrestricted file upload
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...
CVE-2017-16524
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...
CVE-2017-3934
CVE-2017-3934 affects McAfee Network Data Loss Prevention (NDLP) server v9.3.x. The vulnerability is due to missing HTTP Strict Transport Security (HSTS) state, enabling MITM attackers to access confidential data by reading files on the web server. Descriptions in connected CNVD/NVD entries corro...
WordPress Job Manager Plugin File Read Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Job Manager is one of the task manager plugin. A file read vulnerability exists in versions of the WordPress Job...