11287 matches found
CVE-2024-44720
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component adminsafe.php...
CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile...
CVE-2024-39210
Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application...
CVE-2024-45709
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...
CVE-2024-40051
IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter...
CVE-2024-52726
CRMEB v5.4.0 is vulnerable to Arbitrary file read in the savebasics function which allows an attacker to obtain sensitive information...
CVE-2024-29073
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...
CVE-2024-33383
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter...
CVE-2023-30945
Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...
CVE-2023-41968
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files...
CVE-2023-30804
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpnhtml/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...
CVE-2023-30451
In TYPO3 11.5.24, the filelist component allows attackers who have access to the administrator panel to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in datasysfilestoragedatasDEFlDEFbasePathvDEF...
CVE-2023-47171
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...
CVE-2023-49862
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLgifimage parameter...
CVE-2023-51062
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command...
CVE-2023-51926
YonBIP v323.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component...
CVE-2023-24487
Arbitrary file read in Citrix ADC and Citrix Gateway...
CVE-2023-26043
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
CVE-2023-26580
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers...
CVE-2023-48848
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...