11287 matches found
The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...
The vulnerability of the LockTcmSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the LockTcmSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a security intruder to read and write arbitrary files and execute arbitrary code.
The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...
Debian dla-4190 : mydumper - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4190 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4190-1 [email protected] https://www.debian.org/lts/security/...
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
GHSA-98V7-XXXV-HCRH Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
Improper Handling of Invalid Use of Special Elements
Overview Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements through the JDBC interface. An attacker can read arbitrary files by inserting special characters into JDBC URL and potentially access or modify data without proper authorisation...
Improper Handling of Invalid Use of Special Elements
Overview org.apache.inlong:manager-common is an one-stop integration framework for massive data Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements through the JDBC interface. An attacker can read arbitrary files by inserting special characters...
CVE-2025-27528
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
CVE-2025-27528 Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
CVE-2025-27528 Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
WordPress File Away 3.9.9.0.1 Arbitrary File Read
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...
Arbitrary File Read Vulnerability in PicHome of Beijing Qiaoqiao Times Network Technology Co.
PicHome is an image display portal, image search engine for the Ouatto document system. Beijing Qiaoqiao Times Network Technology Co., Ltd PicHome has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2025-45529
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor...
CVE-2025-45529
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
...
CVE-2025-45529
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor...
PT-2025-23022 · Sscms · Sscms
Name of the Vulnerable Software and Affected Versions: SSCMS version 7.3.1 Description: The issue allows attackers to read arbitrary files by sending a crafted GET request to the "/cms/templates/templatesAssetsEditor" API endpoint, exploiting a flaw in the ReadTextAsynchronous function...
SSCMS 安全漏洞
SSCMS SiteServerCMS is a content management system from China's Bailong Qianwei SSCMS company. A security vulnerability exists in SSCMS version v7.3.1, which originates from the ReadTextAsynchronous function that allows reading arbitrary files...
CVE-2025-45529
CVE-2025-45529 affects SSCMS v7.3.1. The vulnerability resides in the ReadTextAsynchronous function, allowing an attacker to read arbitrary files by crafting a GET request to the endpoint /cms/templates/templatesAssetsEditor. Multiple connected sources confirm the same issue and root cause. A pra...