Lucene search
+L

522 matches found

myhack58
myhack58
added 2015/06/13 12:0 a.m.33 views

The star outside the host across the web catalog file read vulnerability-vulnerability warning-the black bar safety net

Recently encountered more and more are the star outside the host..a variety of balls.. The clouds broke, the stars outside the cross-the directory to read the file this vulnerability to bring a lot of convenience, so in this recording it for later reference use. Detailed description: The problem...

0.9AI score
Exploits0
Prion
Prion
added 2014/12/01 3:59 p.m.44 views

Directory traversal

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. dot dot in a resource URI...

5CVSS7AI score0.25082EPSS
Exploits6References5Affected Software1
RedHat Linux
RedHat Linux
added 2014/11/25 4:48 p.m.37 views

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

7.5CVSS6.7AI score0.21045EPSS
Exploits2References9
NVD
NVD
added 2014/11/19 6:59 p.m.20 views

CVE-2014-6624

The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors...

6.8CVSS6.3AI score0.01281EPSS
Exploits0References4
Prion
Prion
added 2014/08/11 8:55 p.m.25 views

Code injection

The server in Cisco Unity Connection 9.11 and 9.12 allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014...

9CVSS6.5AI score0.0313EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.32 views

Greg Matthews Classifieds.cgi 1.0 Metacharacter Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2020/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to read files on the host...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/06/07 12:0 a.m.21 views

Destoon 20140530最新版超全局变量覆盖导致的安全问题(官方demo演示)

简要描述: 短时间没找到合适的注入 找了个任意文件读取发上来了 详细说明: 代码片段0x1 /common.inc.php行17 None 这里用$GET配合上传unset了$FILES然后在extract$POST的时候重新初始化了$FILES 随便选个文件提交拦下数据包 修改 Content-Disposition: form-data; name="file"; filename="" 中的filename字段为空 如图就返回了我们要读取的文件了 漏洞证明:...

7.1AI score
Exploits0
OSV
OSV
added 2014/05/08 2:29 p.m.10 views

CVE-2014-0134

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

5.9AI score
Exploits0References3
OSV
OSV
added 2014/04/28 2:9 p.m.12 views

CVE-2014-2383

dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...

6.8CVSS8.5AI score0.39231EPSS
Exploits6References8
CVE
CVE
added 2014/04/28 12:0 a.m.128 views

CVE-2014-2383

Dompdf vulnerability CVE-2014-2383 (affecting dompdf/dompdf) is an input_file local file inclusion when DOMPDF_ENABLE_PHP is enabled, allowing context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP stream (e.g., php://filter/read=convert.base64-encode/resource...

6.8CVSS8.3AI score0.39231EPSS
Exploits6References5Affected Software1
Exploit DB
Exploit DB
added 2014/04/24 12:0 a.m.70 views

dompdf 0.6.0 - 'dompdf.php?read' Arbitrary File Read

Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is present on dompdf.php file that allows remote or local...

6.8CVSS8.7AI score0.39231EPSS
Exploits6
Cvelist
Cvelist
added 2013/11/13 1:0 a.m.31 views

CVE-2013-5328

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors...

6.8AI score0.03113EPSS
Exploits0References1
seebug.org
seebug.org
added 2013/09/22 12:0 a.m.31 views

magento 1.7.0.1 /lib/Zend/XmlRpc/Request.php 任意文件读取漏洞

No description provided by source...

7.1AI score
Exploits0
myhack58
myhack58
added 2013/08/25 12:0 a.m.17 views

Timor friends P2P lending system arbitrary file read vulnerability-vulnerability warning-the black bar safety net

Using this system site the back plus the index. php? plugins&q=imgurl&url=QGltZ3VybEAvY29yZS9jb21tb24uaW5jlnboca== Can broke database related information...

1.8AI score
Exploits0
Cvelist
Cvelist
added 2013/05/09 10:0 a.m.29 views

CVE-2013-3336

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors...

6.5AI score0.74265EPSS
Exploits2References3
Prion
Prion
added 2013/04/12 10:55 p.m.22 views

Design/Logic Flaw

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS7.1AI score0.01371EPSS
Exploits1References4Affected Software1
myhack58
myhack58
added 2013/03/23 12:0 a.m.11 views

trs inforadar arbitrary file read vulnerability-vulnerability warning-the black bar safety net

Brief description: Doing projects found inforadar arbitrary file read vulnerability Detailed description: Doing projects found inforadar arbitrary file read vulnerability /inforadar/jsp/file/filedownload. jsp? fileType=file&fileName=../../../../../../../../../../../../../../etc/passwd Vulnerabili...

1.4AI score
Exploits0
CVE
CVE
added 2012/12/18 1:0 a.m.60 views

CVE-2012-5574

CVE-2012-5574 affects Symfony CMS: lib/form/sfForm.class.php before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request, enabling information disclosure. The entry is confirmed across multiple feeds (NVD, Gentoo GLSA 201405-25, OpenVAS entries) and remediation is t...

5CVSS6.4AI score0.0349EPSS
Exploits1References12Affected Software1
Symfony
Symfony
added 2012/11/25 12:0 a.m.52 views

Security release: symfony 1.4.20 released

symfony 1.4.20 has just been released and it contains a security fix. Uli Hecht contacted us a couple of days ago about a security issue in symfony 1.4. The vulnerability allows reading any file stored on the server if it is readable by the web server. Your application is vulnerable if there is a...

6.7AI score
Exploits0
myhack58
myhack58
added 2012/08/31 12:0 a.m.18 views

SpeedCMS intelligent enterprise website management system arbitrary file read vulnerability-vulnerability warning-the black bar safety net

inurl:article/file/cid http://xxx.com/Article/file/cid/534/?file=../../../../../../../etc/passwd ! SpeedCMS intelligent enterprise website management system arbitrary file read vulnerability...

0.6AI score
Exploits0
Rows per page
Query Builder