11272 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-10472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users in certain configurations to read arbitrary dom0 files via QMP live insertion of a...
Linux Distros Unpatched Vulnerability : CVE-2016-10187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. CVE-2016-10187 Note that Nessu...
CVE-2025-9257
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...
Linux Distros Unpatched Vulnerability : CVE-2017-9993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extension...
Linux Distros Unpatched Vulnerability : CVE-2016-5000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity...
Linux Distros Unpatched Vulnerability : CVE-2019-12415
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an...
Dpanel has an arbitrary file read vulnerability
Summary: Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface. When logged in to Dpanel, this interface can be used to read arbitrary files. Details: When a user logs into the administrative backend, this interface can read any files on the host/server given the...
GHSA-GCQF-PXGG-GW8Q Dpanel has an arbitrary file read vulnerability
Summary: Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface. When logged in to Dpanel, this interface can be used to read arbitrary files. Details: When a user logs into the administrative backend, this interface can read any files on the host/server given the...
CVE-2009-10005
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...
CVE-2025-53363 Dpanel has an arbitrary file read vulnerability
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
CVE-2025-9259
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-9259
CVE-2025-9259 concerns WebITR by Uniong, with an arbitrary file reading vulnerability caused by an Absolute Path Traversal issue. The affected software/component is WebITR; the impact described is that remote attackers with regular privileges can download arbitrary system files. Public references...
Dpanel security vulnerability
Dpanel is a lightweight, open-source Docker visual management panel by Donknap that provides full container management features. A security vulnerability exists in Dpanel versions 1.2.0 through 1.7.2, which stems from the /api/app/compose/get-from-uri API endpoint that does not properly...
PT-2025-34345 · Uniong · Webitr
Name of the Vulnerable Software and Affected Versions: WebITR (affected versions not specified). Description: WebITR developed by Uniong is susceptible to an Arbitrary File Reading issue. This allows remote attackers with regular privileges to exploit Absolute Path Traversal and download arbitrary...
Directory Traversal
Overview: vite-plugin-static-copy is a rollup-plugin-copy for vite with dev server support. Affected versions of this package are vulnerable to Directory Traversal via the viaLocal function. An attacker can access arbitrary files on the server by sending crafted HTTP requests that exploit path...
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...
ROS-20250821-08
A vulnerability in the TCPDF PHP library is related to reading arbitrary files from the server's file system via the src tag. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information. The vulnerability in the TCPDF PHP library is related to improper...
CVE-2025-50901
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 2025-05-19 contains an incorrect authentication bypass vulnerability, which can lead to arbitrary file reading...